Yes, these attacks require physical access. But that’s exactly the threat model secure enclaves are supposed to secure against.
I think the problem is that people want to use them for both securing against physical attacks AND preventing the extraction of private keys by malware/apps/OS.
They should still be suitable for the latter. Concerning though nonetheless.
I was just trying to make this point in Cupcake (Hardware Wallet?) - #3 by jonah actually (that the physical security of the phone being used is not of the utmost importance in that scenario) but I don’t think that point landed there.