there are 2 ways to tackle this:
a) sue everyone that expose this
b) get your **** together and make a more secure system!
Honestly, you don't know how security works.
Good security has layered defences. For example: First layer: You keep it a secret that there is a key. Second layer: You make it hard to find the key. Third layer: You make it hard to extract the key. Fourth layer (non technical this time): You go after anyone who extracts the key and tries to publish it. There will be several layers after that.
You are basically telling Apple to throw away layer four of their defences. This makes whatever their system does less secure.
Sooo... Is the Secure Enclave vulnerable now, or not? The rest of this discussion is interesting and all, but...
Layered defences. One layer of defences has come down. It's like you stored important information in a safe at your bank. The bad guys have found out that you have important information that you want to keep secret, and they just found out the address of the company that built the safe that the bank uses to store your secrets. Yes, they are one step closer to finding your secrets. But now they have to break into that company, find their plans for building the safe, and try to find out if there is anything in the plans that allows them to break into the safe. If they find something that allows them to open the safe (and that's a big "if"), then they still have to break into the bank.
In the end, it's all about time. Apple built a system a few years ago, as secure as they can. Part of the security is this multi-layered approach, where an attacker has to get through several levels of security, one by one, and that takes time. Years. And those years are used to develop something that is more secure. So around iPhone 13 time I wouldn't be surprised if the Secure Enclave is replaced with something that is more secure. In about 15 years time Apple will advice you not to rely on phones built today to keep anything secure.
It will now shut up those that think apples products are secure.
Ah, macfacts claiming to post Mac (or iOS) facts. What we have here is good security working as it should. Your iPhone is still secure _today_. It will be secure for many years. Today's iPhone won't be secure forever. We know that an iPhone running iOS 6 is today totally vulnerable, but it wasn't for a long long time, and nobody is using these phones anymore. An iPhone that you buy today will be secure for as long as you use it. At the time when people can break in, these phones won't be in use anymore.
So there is a one key that can reverse engineer all T2 chips out there? Is it not a poor a poor design for a secure enclave having this kind of master key. Basically that can be consider as a backdoor.
It's one level of security. The chip is exactly as secure as it always was - except that with this key people can start looking for insecurities. If the software inside is written perfectly then there are no insecurities. It has taken hackers several years to come to this point, so it has worked. Any security is time limited, and this encryption key has stopped hackers for a few years, so it did a good job.
And there is code in the T2 chip that MUST run, because otherwise the chip isn't working. Unencrypted code, that would have been obviously bad. But the T2 key must be able to decode that code, without any help from the outside. So it MUST be encrypted with a key known only to the T2 chip, and hidden as well as possible.
