To be clear, the public @checkra1n jailbreak does not currently have any SEP exploit or mitigation bypass whatsoever for any device. Ironpeak claims that it does.
When we write things for public consumption, it is important that we are clear, accurate, and get basic facts right.
Good writing about deeply technical topics requires collaboration with subject-matter experts. It requires editing and peer review. There is no way around it.
I do not know what "vulnerability details" ironpeak emailed to Apple, but it was most likely a low quality bug report.
Apple could allow jailbreaking to continue without SEPROM exploits, while protecting users who do not want to jailbreak. It would take slightly more engineering effort to make that happen, but it is not difficult to do.
Political barriers are more difficult to overcome.
It is the prisoner's dilemma: Two completely rational individuals might not cooperate, even if it appears that it is in their best interests to do so.
Unpatchable exploits cannot be stopped, but if they remove the incentive to release them publicly, they might just stay private.
Security implications of this SEPROM vulnerability are not as bad as you might think:
(1) Browser-based (nation states) or app-based (community) jailbreaks cannot use it, because the value in TZ0 register is locked and cannot be changed after boot.
(2) Apple's HW and SW uses many different mitigations, and they work together to limit the impact of a single vuln. This vuln cannot even be triggered without a vuln like #checkm8. Unless something like #checkm8 is found for A12/A13, we cannot even check if this issue exists.
2/
(3) A #checkm8-based jailbreak can use this vuln to exploit SEPROM, patch SEP/OS in a meaningful way, and then protect SEP from further access after iOS boots. SEP could then still be secure against accesses from the AP, and apps and tweaks will not be able to exploit it.
3/
1/ The last iOS device with a public bootrom exploit until today was iPhone 4, which was released in 2010. This is possibly the biggest news in iOS jailbreak community in years. I am releasing my exploit for free for the benefit of iOS jailbreak and security research community.
2/ What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.