Unpatchable BootROM flaw targets Apple A12/A13 devices with USB code execution

Researchers disclosed usbliter8, an unpatchable BootROM exploit affecting devices with Apple A12/A13 chips that enables arbitrary code execution by sending specially crafted USB data while the device is in DFU mode. The vulnerability does not touch the Secure Enclave, but requires physical access and cannot be patched on affected hardware; Apple coordinated disclosure and a GitHub PoC is available. Affected devices include iPhone XR/XS/XS Max, iPhone 11 series, iPad 9, iPad Air 3, iPad mini 5, second-gen Apple TV 4K, Apple Watch Series 4/5, HomePod mini, and Studio Display, with possible A12X/Z support; upgrading to newer hardware remains the recommended mitigation.
- New unpatchable exploit targets Apple devices with A12 and A13 chips 9to5Mac
- Older iPhones are vulnerable to a flaw Apple likely can’t fix Mashable
- Apple's A12 and A13 Chips Facing New Unpatchable Exploit MacRumors
- A12 & A13 Apple devices face an unpatchable SecureROM vulnerability AppleInsider
- Researchers uncover an unpatchable security flaw affecting several iPhone generations - GSMArena.com news GSMArena.com
Reading Insights
0
16
4 min
vs 5 min read
90%
973 → 101 words
Want the full story? Read the original article
Read on 9to5Mac