New ‘unpatchable’ exploit allegedly found on Apple’s Secure Enclave chip

Filipe Espósito, 9to5Mac:

One of the major security enhancements Apple has brought to its devices over the years is the Secure Enclave chip, which encrypts and protects all sensitive data stored on the devices. Last month, however, hackers claimed they found a permanent vulnerability in the Secure Enclave, which could put data from iPhone, iPad, and even Mac users at risk.

Good explainer. A few key points:

  • This vulnerability is permanent. Because the Secure Enclave is embedded in the processor and not patchable, it cannot be fixed on a specific device.
  • That said, Apple has fixed the design itself, starting with the A12. So if you’ve got a device with an A7 through A11, that issue exists on your device.
  • The good news? To take advantage of the exploit, a hacker would need physical access to your device.

Here’s a list of devices that have the Arm A12. If you’ve got one of these, or newer, you’ve got the fix in place:

  • iPhone XS and XS Max
  • iPhone XR
  • iPad Mini (5th generation)
  • iPad Air (2019, 3rd generation)