‘Unpatchable’ Exploit Found in iPhone’s Secure Enclave Processor

BY Smidh

Published 4 Aug 2020

iPhone SE 2020 back

The team behind Pangu jailbreak has seemingly managed to find an “unpatchable” vulnerability in the Secure Enclave Processor (SEP) of the iPhones. If true, this could be a big deal as the SEP is used by Apple to store sensitive data such as Apple Pay details, Touch ID/Face ID data, and more.

The Secure Enclave Processor is a completely separate chip from the rest of the system components and it does not allow apps access to data stored on it. This is done for optimum security so that a hacker is not able to gain access to sensitive data on your iPhone in case they are able to bypass the lock screen security. This Secure Enclave chip is found inside all iPads, iPhones, and Macs starting with the iPhone 5s, iPad 5th gen., and Macs with T1 or T2 chip. The chip had first made its debut inside the iPhone 5s in 2013 before Apple expanded it to its other products as well.

The Pangu team has not provided more details on this “unpatchable” vulnerability that they have discovered and whether the exploit can be used to read data from the SEP or not. The vulnerability affects all iPhones and iPads powered by A7-A11 Bionic chips which means iPhone X and older devices are affected by it. The vulnerability was patched by Apple in the SEP in A12 Bionic and newer chips.

This is not the first time that the Secure Enclave processor on the iPhones has been hacked but a real-world scenario where these exploits have been used has never been reported. The SEP is one of the reasons as to why the iPhone has top-notch security and what separates it from a hoard of Android devices in the market in terms of security.