Comment by adrian_b
1 day ago
I agree that few have been affected, but this has demonstrated gross incompetence of Apple, unless it had been an intentional backdoor, which would be even worse.
The fact that Apple keeps secret many technical details of their CPUs, like the existence of those hardware test registers, does not improve the security of their devices, but it weakens the security considerably.
Because of the Apple secrecy policy, the existence of the backdoor has been known and exploited by very few, but the same secrecy has enabled those few to spy on any interesting target for several years, without being discovered.
Had the test registers been documented, someone would have noticed quickly that they are accessible when they should not be, and the vulnerabilities would have been patched by Apple a few years earlier.
Hard disagree with the sentiment; the crown jewels of their hardware is the Secure Enclave and its software SEPOS which has benefitted significantly having its secrecy maintained. For decades now it has remained very much a blackbox that nobody has successfully attacked; and if it were attacked we would definitely know as its application of subverting it would be obvious.
As for the registers itself, I concede that information about those specifically could've been made available.