Recently, Pangu, a domestic security team, realized a perfect prison break after studying IOS 14 system. According to the information given by Pangu team, they realized it by using a hardware level vulnerability in Apple’s secure enclave security coprocessor. The secure enclave security coprocessor is basically the standard configuration of Apple’s intelligent products. Most products use the random key calculated by the processor to encrypt the data. Only secure enclave can access the encrypted data. Each key is independent and will not be uploaded to icloud. Therefore, it has excellent security effect in theory.
However, after testing, Pangu team found an “irreparable” vulnerability in the secure enclave security coprocessor, which originated from the hardware design problem of the secure enclave security coprocessor. It is a hardware level vulnerability, which means that the vulnerability can not be completely repaired. It is reported that this vulnerability can be used to crack the private security key of secure enclave security coprocessor, so as to bypass Apple’s security protection measures and directly obtain data.
This time, Pangu team cracked the IOS 14 system by using this vulnerability, and achieved a perfect prison break. If we further obtain the full access rights of the secure enclave security coprocessor, we will be able to directly obtain the user’s password, credit card and other information, which poses a great threat to Apple users. In addition, Pangu team confirmed that the vulnerability will affect at least five processors including a7-a11, and more than one million a11 devices are still in use.
At present, Apple has not responded to the vulnerability information, and Pangu team has not released the specific information of the vulnerability.