GoKawiilResearchers at Paradigm Shift have published the technical details of usbliter8, a new unpatchable iPhone BootROM vulnerability that enables arbitrary code execution on devices powered by Apple’s A12 and A13 chips. Here are the details.
How usbliter8 works
In a highly detailed technical post published today, the Paradigm Shift Team details usbliter8 , a new exploit that “leverages both a hardware bug in the USB controller and a specific configuration flaw present in the device firmware” and cannot be patched.
The PS Team explains that ahead of today’s disclosure, it shared its findings and worked with Apple Product Security to coordinate the release. The researchers also thanked Apple’s security team for its “prompt response, constructive engagement, and cooperation throughout” the process.
In a nutshell, this bug affects the following Apple SoCs: A12, S4, S5, and A13. Althrough the authors only explicitly mention the iPhone in their write-up, these are the devices equipped with these SoCs:
A12: iPhone XR, iPhone XS/XS Max, iPad Air 3, iPad mini 5, iPad 8, and second-generation Apple TV 4K
iPhone XR, iPhone XS/XS Max, iPad Air 3, iPad mini 5, iPad 8, and second-generation Apple TV 4K S4: Apple Watch Series 4
Apple Watch Series 4 S5: Apple Watch Series 5, first-generation Apple Watch SE, and HomePod mini
Apple Watch Series 5, first-generation Apple Watch SE, and HomePod mini A13: iPhone 11/11 Pro/11 Pro Max, second-generation iPhone SE, iPad 9, and Studio Display
They add that “technical support for A12X/Z is possible,” but “it is not currently implemented.” That could add the 2018 and 2020 iPad Pro lineups to the list.
... continue reading