New BootROM Exploit Leaves A12 and A13 Apple Devices Open for Life
*Security firm Paradigm Shift has released details and a working proof-of-concept for an unpatchable vulnerability in the SecureROM of Apple’s A12 and A13 chips.*
The Vulnerability
Researchers at Paradigm Shift published technical details of the flaw on June 18. The exploit, named usbliter8, achieves arbitrary code execution by targeting a bug in the USB controller built into the affected chips. Because the BootROM, also called SecureROM, is hard-coded into the silicon at manufacture, no software update can close the hole.
The vulnerability sits at the earliest stage of the boot process. Any code that runs there can take control before the operating system loads or any later security measures activate.
Affected Hardware
The flaw covers every device that shipped with A12 or A13 silicon. That includes the iPhone XS, XS Max, XR, and the entire iPhone 11 lineup. Several iPad models and Apple Watch units that use the S4 and S5 chips are also exposed. These products will remain vulnerable for as long as they continue to run.
The same class of attack previously appeared in 2019 with the checkm8 exploit, which affected devices from the iPhone 4S through the iPhone X. usbliter8 simply extends that reach to the next generation of chips.
Why It Matters
Owners of these devices now face a permanent attack surface that cannot be removed through normal updates. For most users the risk stays theoretical until someone packages the exploit into malware or a jailbreak tool, yet the underlying exposure will never disappear. Future hardware generations avoid the problem only because they contain different silicon; every A12- and A13-based product stays exactly as exposed as it is today.
---
Sources:
No comments yet