Unpatchable BootROM flaw targets Apple A12/A13 devices with USB code execution

1 min read
Source: 9to5Mac
Unpatchable BootROM flaw targets Apple A12/A13 devices with USB code execution
Photo: 9to5Mac
TL;DR Summary

Researchers disclosed usbliter8, an unpatchable BootROM exploit affecting devices with Apple A12/A13 chips that enables arbitrary code execution by sending specially crafted USB data while the device is in DFU mode. The vulnerability does not touch the Secure Enclave, but requires physical access and cannot be patched on affected hardware; Apple coordinated disclosure and a GitHub PoC is available. Affected devices include iPhone XR/XS/XS Max, iPhone 11 series, iPad 9, iPad Air 3, iPad mini 5, second-gen Apple TV 4K, Apple Watch Series 4/5, HomePod mini, and Studio Display, with possible A12X/Z support; upgrading to newer hardware remains the recommended mitigation.

Share this article

Reading Insights

Total Reads

0

Unique Readers

16

Time Saved

4 min

vs 5 min read

Condensed

90%

973101 words

Want the full story? Read the original article

Read on 9to5Mac