Onion
- Joined Jul 28, 2024
Onion Yes, they can bypass the phone being locked and gain control of the OS. Lockdown mode doesn't seem to block them or they'd mention the limitation since this is documentation on using Cellebrite Premium. It's not meant for public consumption and is not marketing material, although their ability to exploit most devices does end up marketing their products simply by publishing it since they're doing a good job keeping up. They probably don't mind us posting it much.
How is supersonic BF possible on iPhone XR/XS/11? A couple of years ago the checkm8 team found a flaw in the secure enclave (up to iPhone X) and apparently Apple did the job to remove the flaw on new iPhones.
There's no sign of Apple preventing exploitation of the secure element. iPhone 12 and later added an additional layer of security for the brute force protection. The main portion of the secure element is probably still getting exploited; it just doesn't bypass this. Cellebrite could therefore still bypass most of the secure element features but they have no need for it.
Onion Pixel 2 has an off-the-shelf NXP secure element which is likely far less secure than the Titan M1. You're misinterpreting lack of capability as more security but that's not what it means. They likely started caring a lot about Pixels much later and never dedicated the resources to dealing with the Pixel 2 secure element. Pixel 3 through 5a have the same Titan M1 secure element. Pixel 2 is a separate thing, and while likely much easier to exploit is only 2 devices which had far lower sales than more recent Pixels and are hardly used by anyone anymore. If they had a real reason to deal with it, they likely could do it and without as much trouble as later Pixels.