Apple won’t release a fix for Secure Enclave’s exposed decryption key

“Following the exposure of the decryption key protecting the firmware software running on the iPhone 5s’s Secure Enclave coprocessor that was posted on GitHub yesterday, an Apple source has reportedly said that any customer data securely stored in the cryptography coprocessor remains protected and that the company does not intend to roll out a fix at this time,” Christian Zibreg reports for iDownload Blog.

TechRepublic interviewed the hacker ‘xerub’ who posted the decryption key,” Zibreg reports. “He explains that decrypting the Secure Enclave firmware could theoretically make it possible to watch the cryptographic coprocessor do its work and perhaps reverse-engineer its process, but warned that ‘decrypting the firmware itself does not equate to decrypting user data.'”

“That’s why an Apple source who wished to remain unidentified told the publication that the key’s exposure doesn’t directly compromise customer data,” Zibreg reports. “‘There are a lot of layers of security involved in the Secure Enclave and access to the firmware in no way provides access to data protection class information,’ said the Apple source.”

Read more in the full article here.

MacDailyNews Take: No biggie.


Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.