Tag

Hardware Vulnerability

All articles tagged with #hardware vulnerability

Unfixable boot-level flaw strikes seven iPhone models; upgrade advised
technology20 days ago

Unfixable boot-level flaw strikes seven iPhone models; upgrade advised

Cybersecurity firm Paradigm Shift flags an unfixable hardware-level flaw, named usbliter8, in the USB controller/firmware that affects seven iPhone models (A12/A13 era: iPhone 11 family, XR, XS/XS Max, and second-gen iPhone SE) and some iPad/Apple Watch devices. The flaw can be exploited with physical access to override the startup process before iOS loads, enabling unauthorized software or data access. Since it’s a hardware design issue, there is no software update to fix it; the advised mitigation is upgrading to newer hardware.

Unpatchable USB flaw targets Apple SecureROM on A12/A13 chips
security21 days ago

Unpatchable USB flaw targets Apple SecureROM on A12/A13 chips

Paradigm Shift disclosed usbliter8, a hardware-level exploit that can execute code inside Apple’s SecureROM on A12/A13 by abusing a USB controller DMA bug; it requires physical access, DFU mode, and a dedicated RP2350-based board, and cannot be fixed by firmware, making it effectively unpatchable on affected devices (A12/A13/S4/S5). The public PoC covers iPhone XS/XS Max/XR, iPhone 11 line, iPad Air 3, iPad mini 5, iPad 8th gen, Apple Watch Series 4/5, and HomePod mini; A14+ appear safe. No Secure Enclave compromise reported and no CVE yet; for most users risk is low, but in high-security environments it creates a hardware boundary problem requiring device retirement or strict custody controls.

Unpatchable bootROM Flaw Hits iPhone XS to iPhone 11 via USB Exploit
technology21 days ago

Unpatchable bootROM Flaw Hits iPhone XS to iPhone 11 via USB Exploit

Security researchers reveal usbliter8, the first unpatchable iPhone bootROM exploit in years, affecting A12 (iPhone XS), A13 (iPhone 11) and related USB-controller hardware in Apple Watch Series 4/5 and HomePod mini. Exploitation requires physical access and a Raspberry Pi due to a USB controller data-packet flaw that exposes SRAM data; software updates cannot patch it, while A14+ chips are safe. The iPhone 11 remains supported for now, but the vulnerability persists on older hardware.