Message-ID: <LBvlQwNFBOQLAU_3Pb2ev_e8s78RCpn-WuptHBEkqc9YKvkxGFVcIgGqhG0VEfuMm0HcaFhb6i_SJhW7QlBdcnyVUoYbiVMJsoH9OcyYMBY=@proton.me>
Date: Thu, 11 Sep 2025 15:02:57 +0000
From: josephgoyd via Fulldisclosure <fulldisclosure@...lists.org>
To: Matthew Fernandez <matthew.fernandez@...il.com>,
"fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: Re: [FD] Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss
> The device continues to boot without Secure Enclave protections, and the user is not notified.
>
> That silent failure means:
>
> - The iPhone is running in a degraded state with no cryptographic guarantees (Face ID, keybags, encryption root of trust are unavailable).
> - The user believes the device is secure, but in reality, confidentiality and integrity are broken.
> - Because forensic logs are pruned, the failure leaves no traceable evidence, compounding the security risk.
>
> This is what makes it high severity—it’s not just DoS, it’s a stealthy breakdown of the device’s core security model.
>
> On Wed, Sep 10, 2025 at 10:41 PM, Matthew Fernandez <matthew.fernandez@...il.com> wrote:
>
>> On 9/4/25 20:57, Joseph Goydish II via Fulldisclosure wrote:
>>> TITLE:
>>> APPLE'S A17 PRO SILICON FLAW: SHARED I²C4 BUS BETWEEN SECURE ENCLAVE AND DIGITIZER CAUSES CASCADING SYSTEM FAILURE
>>>
>>> …
>>> CONCLUSION:
>>> This is a HIGH-SEVERITY HARDWARE DESIGN FLAW…
>>
>> Can you elaborate on why you consider this high severity? From the
>> description, it sounds as if this behaviour is fail-closed. That is, the
>> effects are limited to DoS, with security properties preserved.
>> _______________________________________________
>> Sent through the Full Disclosure mailing list
>> https://nmap.org/mailman/listinfo/fulldisclosure
>> Web Archives & RSS: https://seclists.org/fulldisclosure/