A hacker going by the name of xerub claims to have published the decryption key that could be used to unlock the Apple iOS’ Secure Enclave Processor (SEP) firmware.
As of Thursday, Apple has not yet confirmed that the stolen key is legitimate, but did confirm that user data would not be affected if the key is valid.
In the report, Threatpost describes the potential threat:
“Publishing of the key now exposes the Secure Enclave to researchers and attackers alike, both of which will be able to examine the previously walled-off processor for vulnerabilities and gain insight into how it operates.”
Apple further describes Secure Enclave in the iOS Security Guide:
“The Secure Enclave is a coprocessor fabricated in the Apple S2, Apple A7, and later A-series processors. It uses encrypted memory and includes a hardware random number generator. The Secure Enclave provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised. Communication between the Secure Enclave and the application processor is isolated to an interrupt-driven mailbox and shared memory data buffers.”