New unpatchable exploit targets Apple devices with A12 and A13 chips
Key Points:
- Researchers at Paradigm Shift disclosed usbliter8, a new unpatchable iPhone BootROM vulnerability affecting Apple devices with A12, A13, S4, and S5 chips, enabling arbitrary code execution over USB while the device is in DFU (Device Firmware Update) mode.
- The exploit manipulates the USB controller to overwrite memory, allowing attackers with physical access to control the device’s startup process and run unauthorized code before iOS loads, though it does not directly compromise the Secure Enclave.
- The A13 chip’s SecureROM uses Pointer Authentication Codes (PAC), but the researchers bypassed this protection through staged memory corruption, demonstrating a sophisticated attack method.
- Since the vulnerability is unpatchable, the researchers recommend upgrading to newer hardware as the most effective mitigation, noting that affected devices could become targets for jailbreak tools similar to those developed after the earlier checkm8 exploit.
- Paradigm Shift coordinated disclosure with Apple and released a detailed technical write-up and a proof-of-concept project on GitHub, aiming to raise awareness about hardware security flaws in modern Apple devices.