Apple A12 and A13 Chips: New Unpatchable Exploit
5 hours ago
- #iPhone security
- #Apple A12/A13 chips
- #BootROM vulnerability
- Paradigm Shift discovered a BootROM vulnerability named 'usbliter8' affecting Apple's A12 and A13 chips, with a working proof-of-concept exploit.
- BootROM vulnerabilities are unfixable via software updates as they are hardware-based, leaving affected devices permanently vulnerable.
- The exploit leverages a USB controller bug by sending specific small packets to manipulate a hardware pointer, allowing unauthorized memory writes.
- A11 chips (e.g., iPhone X) are not vulnerable due to pointer resets, and A14+ chips are safe due to memory protection; only A12 and A13 are affected.
- Exploiting A13 chips is more complex due to Pointer Authentication Codes (PAC), requiring multi-step bypasses for code execution.
- Once exploited, the device can lower security settings and boot unsigned software, and it displays a 'PWND' indicator in its USB serial number.
- The vulnerability, while not directly affecting the Secure Enclave, facilitates broader attacks and was disclosed to Apple before publication.
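
For device intake or fleet triage, the chip-generation split and the 'PWND' serial-number indicator described above can be checked from the USB serial string a device reports in DFU mode. This is an added example, not code from the researchers or from Apple. It assumes the space-separated `KEY:value` serial layout and the CPID-to-chip mapping shown in the comments; the `PWND:[usbliter8]` tag value, the ECIDs and the version tags are constructed.

```python
import re

# Assumption: CPID values as reported in the DFU-mode USB serial string.
# Per the page, only A12 and A13 are affected; A11 and A14 are listed for contrast.
CHIPS = {"8020": ("A12", True), "8030": ("A13", True),
         "8015": ("A11", False), "8101": ("A14", False)}

# Tokens look like KEY:value or KEY:[value]; keys are four capital letters.
TOKEN_RE = re.compile(r"\b([A-Z]{4}):(\[[^\]]*\]|\S+)")

def parse_serial(serial):
    """Return the KEY -> value fields of a DFU serial string, brackets stripped."""
    return {key: value.strip("[]") for key, value in TOKEN_RE.findall(serial)}

def triage(serial):
    """Classify one device from its USB serial string."""
    fields = parse_serial(serial)
    chip, affected = CHIPS.get(fields.get("CPID", ""), ("unknown", False))
    # The page only says a 'PWND' indicator appears, so match the bare word.
    marker = "PWND" in serial.upper()
    if marker and affected:
        verdict = "bootrom-exploited"      # affected chip reporting the marker
    elif marker:
        verdict = "unexpected-marker"      # marker on a chip the page calls safe
    elif affected:
        verdict = "vulnerable-no-marker"   # A12/A13, permanently exposed
    elif chip == "unknown":
        verdict = "unknown-chip"
    else:
        verdict = "not-affected"
    return {"chip": chip, "ecid": fields.get("ECID"),
            "marker": marker, "verdict": verdict}

# Constructed sample serial strings (ECIDs and version tags are made up).
SAMPLES = [
    "CPID:8020 CPRV:11 ECID:0011223344556677 SRTG:[iBoot-EXAMPLE]",
    "CPID:8030 CPRV:11 ECID:0011223344556688 SRTG:[iBoot-EXAMPLE] PWND:[usbliter8]",
    "CPID:8015 CPRV:11 ECID:0011223344556699 SRTG:[iBoot-EXAMPLE]",
    "CPID:8101 CPRV:11 ECID:00112233445566AA SRTG:[iBoot-EXAMPLE]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```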