Researchers at Paradigm Shift have published the technical details of usbliter8, a new unpatchable iPhone BootROM vulnerability that enables arbitrary code execution on devices powered by Apple’s A12 and A13 chips. Here are the details.
How usbliter8 works
In a highly detailed technical post published today, the Paradigm Shift Team details usbliter8, a new exploit that “leverages both a hardware bug in the USB controller and a specific configuration flaw present in the device firmware” and cannot be patched.
The PS Team explains that ahead of today’s disclosure, it shared its findings and worked with Apple Product Security to coordinate the release. The researchers also thanked Apple’s security team for its “prompt response, constructive engagement, and cooperation throughout” the process.
In a nutshell, this bug affects the following Apple SoCs: A12, S4, S5, and A13. Although the authors only explicitly mention the iPhone in their write-up, these are the devices equipped with these SoCs:
- A12: iPhone XR, iPhone XS/XS Max, iPad Air 3, iPad mini 5, iPad 8, and second-generation Apple TV 4K
- S4: Apple Watch Series 4
- S5: Apple Watch Series 5, first-generation Apple Watch SE, and HomePod mini
- A13: iPhone 11/11 Pro/11 Pro Max, second-generation iPhone SE, iPad 9, and Studio Display
They add that “technical support for A12X/Z is possible,” but “it is not currently implemented.” That could add the 2018 and 2020 iPad Pro lineups to the list.
usbliter8 works by sending specially crafted data to a device over USB while it is in DFU mode, confusing the USB controller and causing it to write data to the wrong part of memory.
That gives an attacker with physical access to the device control over its startup process. From there, they can run their own code before iOS loads, bypass signature checks, and boot modified system software.
Importantly, the exploit does not affect or compromise the device’s Secure Enclave, which in practice means that data such as passcodes and encrypted user data remain secure.
That said, PS Team says that “although usbliter8 doesn’t affect SEP itself, it opens up wider attack vectors to compromise the Secure Enclave,” adding that “by releasing this exploit publicly, we hope to highlight the real-world impact of these hardware flaws and contribute to a broader understanding of modern SecureROM security.”
The PS Team explains that there are different methods for leveraging the exploit on A12, S4, S5, and A13 chips, with the A13 exploit being more intricate because its SecureROM uses Pointer Authentication, or PAC, a security feature designed to prevent attackers from redirecting code execution.
However, the researchers found a way around PAC by carefully corrupting several parts of memory in stages, eventually taking control of the USB interrupt handler and using it to run their own code.
What now?
Given that this is also an unpatchable exploit, the researchers note that “affected users should be aware that migrating to newer hardware remains the most effective mitigation.”
Interestingly, this exploit doesn’t affect the A11 or earlier chips, which are vulnerable to a separate unpatchable BootROM exploit known as checkm8.
After that exploit was discovered, it became the foundation for several jailbreak tools targeting older iPhones and iPads, so it is possible that the same might happen with the devices affected by usbliter8.
In addition to the technical write-up, the researchers also published a proof-of-concept project on GitHub, which has amassed more than 280 stars in just a few hours.
Their write-up of the process is highly technical but a fascinating read. To learn more about usbliter8 and how it works, [follow this link](https://ps.tc/pages/blog-usbliter8.html).
*(h/t Gui Rambo)*