

Security researchers have identified an unpatchable hardware vulnerability affecting older iPhone XS, XR, and iPhone 11 models. The discovery raises concerns about device security and highlights the limitations of software updates when hardware-level flaws are involved.
The underlying flaw is said to be at the hardware level, originating in the USB controller itself rather than in software.
Security researchers have published a proof-of-concept exploit, dubbed ‘usbliter8’, that targets a vulnerability in the iPhone's BootROM, the unalterable code that runs before iOS starts loading. Since BootROM is permanently etched into a chip during manufacturing, researchers have claimed that vulnerabilities discovered at this level cannot be fixed through software updates.
While the internal memory pointer inside the USB controller is only intended to move forward, the researchers were able to move it backward as well, which allowed data to be written to protected regions of memory. The process of gaining control of the processor is claimed to be relatively straightforward, especially on A12-powered devices, once the vulnerability is triggered.
According to a report published by European cybersecurity research firm Paradigm Shift, the usbliter8 exploit targets a flaw in the USB controller integrated into Apple's A12 and A13 chips. The vulnerability is considered significant since it occurs at the BootROM level, the earliest stage of the device's boot process.
During an iPhone's startup, the USB controller usually stores incoming data in memory buffers. Researchers said they discovered a way to manipulate how the controller manages those buffers by injecting a specially crafted sequence of unusually small USB packets during startup. This causes memory corruption at a very low level of the system.
The exploit affects devices based on Apple's A12 and A13 chipsets, as well as certain Apple Watch models using related silicon. The affected models include the following devices:
iPhone XS
iPhone XS Max
iPhone XR
iPhone 11
iPhone 11 Pro
iPhone 11 Pro Max
Additionally, several iPad models powered by the A12-series processors are also said to be vulnerable, including those based on A12, A12X, A12Z, and A13 platforms. Once successful, the exploit is claimed to be capable of lowering certain security restrictions and booting unsigned software that would normally fail Apple's verification checks.
Researchers have claimed they reported the vulnerability to Apple before publication and coordinated disclosure with the company. The proof-of-concept code has now been released publicly. However, it's worth noting that the exploit requires physical access to the device, does not affect the Secure Enclave, and is not a complete jailbreak at present.