Tech

Paradigm Shift publishes unpatchable SecureROM exploit usbliter8 for A12 and A13 devices

AI-Generated Summary

3 sources

7 hours ago

1 views

Paradigm Shift publishes unpatchable SecureROM exploit usbliter8 for A12 and A13 devices — Photo: 9to5Mac

Key Points

Paradigm Shift publishes technical details and a proof-of-concept for “usbliter8,” a BootROM (SecureROM) exploit for Apple A12 and A13 chips.
The vulnerability is unpatchable because SecureROM code is built into the chip at manufacture, so software updates cannot remove it.
The exploit targets USB startup behavior and uses DFU mode to achieve arbitrary code execution by manipulating the USB controller’s handling of packet buffers.
Reported affected models include iPhone XS, XS Max, XR, and iPhone 11 lineup; additional devices are reported as affected based on chip generation (including some iPad and Apple Watch models with S4/S5).
Sources say A11 devices are not affected, while A14 and later chips are protected via correct BootROM-level configuration; A13 exploitation is described as more complex due to pointer authentication codes (PAC).

Security researchers at Paradigm Shift publish details of “usbliter8,” an exploit targeting a BootROM vulnerability in Apple devices with A12 and A13 chips. The affected chips include Apple’s SecureROM, the first code that runs during device startup, which is permanently embedded in the hardware. As a result, the underlying flaw cannot be fixed through software updates and leaves affected devices vulnerable for the lifetime of the hardware.

According to the reports, usbliter8 achieves code execution by exploiting a bug in the USB controller hardware and the way security protections are configured on vulnerable devices. The exploit is performed via USB Device Firmware Update mode (DFU mode), using a carefully crafted sequence of unusually small USB packets to manipulate internal memory handling. The researchers describe the issue as appearing to be hardware-related in the USB controller rather than caused by a flaw in Apple’s software.

The exploit expands on the previously disclosed BootROM issue “checkm8,” which affected older models. Reports also note that A11 devices are not affected due to a different USB handling approach, and that A14 and later chips include protections configured correctly at the BootROM level. Paradigm Shift states it coordinated disclosure with Apple before publication and that it also published a proof of concept.

How Outlets Covered This Story

9TO

9to5Mac

New unpatchable exploit targets Apple devices with A12 and A13 chips

Researchers at Paradigm Shift have published the technical details of usbliter8, a new unpatchable iPhone BootROM vulnerability that enables arbitrary code execution on devices powered by Apple’s A12 and A13 chips. Here are the details.

8 hours ago

APP

AppleInsider News

A12 & A13 Apple devices face an unpatchable SecureROM vulnerability

Security researchers have published a new unpatchable SecureROM exploit for Apple's A12 and A13 chips, extending public BootROM exploitation beyond the devices affected by checkm8.iPhone XRSecurity firm Paradigm Shift disclosed the unpatched exploit, called usbliter8, on June 18. It achieves code execution through a flaw in Apple's USB boot process.The vulnerability affects devices powered by Apple's A12 and A13 chips, including the iPhone XS, iPhone XS Max, iPhone XR, and iPhone 11 lineup. Several iPad models and Apple Watch devices powered by S4 and S5 chips are affected as well.Usbliter8 combines a hardware flaw in a USB controller with the way security protections are configured on affected devices. The attack works through Device Firmware Update mode, better known as DFU mode. Continue Reading on AppleInsider | Discuss on our Forums

11 hours ago

MAC

MacRumors

Apple's A12 and A13 Chips Facing New Unpatchable Exploit

Security research firm Paradigm Shift today published details of a new BootROM vulnerability affecting Apple's A12 and A13 chips, along with a working proof-of-concept exploit named "usbliter8." The BootROM, or SecureROM, is the first code an iPhone runs when it powers on. Because it is baked directly into the chip at manufacture, any vulnerability found there cannot be fixed with a software update, meaning affected devices will remain vulnerable for the rest of their lives. The last publicly known BootROM exploit of this kind was "checkm8," released in 2019 which affected devices from the iPhone 4S through to the iPhone X. usbliter8 now extends that history to the next generation of chips, covering the iPhone XS through to the iPhone 11 series. The exploit works by taking advantage of a bug in the USB controller built into Apple's chips. When an iPhone receives USB data during startup, the controller uses a memory buffer to store incoming packets. Paradigm Shift found that by sending a specific sequence of unusually small packets, they could manipulate an internal hardware pointer in a way that causes it to walk backwards through memory, allowing data to be written to locations it should never reach. The researchers say this appears to be a bug in the USB controller hardware itself, not in Apple's software. The A11 chip, used in the iPhone X, is not affected because its USB driver manually resets the pointer after each packet. A14 and later chips are also safe, as they configure a memory protection feature correctly at the BootROM level. The A12 and A13 sit in a vulnerable middle ground between the two. On A12 devices, gaining code execution is relatively straightforward. On A13 devices, things are considerably harder because Apple introduced a security feature called Pointer Authentication Codes (PAC), which detects and blocks certain types of memory tampering. Paradigm Shift says working around PAC on the A13 required a lengthy multi-step process before the researchers could finally take control of the processor. Once in control, the exploit installs a custom handler that survives a device restart and adds two capabilities: temporarily lowering the device's security settings, and booting unsigned software without any verification checks. It also injects the traditional "PWND" string into the iPhone's USB serial number as a signal that the device has been compromised, a convention that carries over from checkm8 and earlier exploits. Paradigm Shift notes that while usbliter8 does not affect the Secure Enclave directly, a BootROM compromise of this kind opens up wider avenues for attacking it. The firm says it reported its findings to Apple Product Security before publication and worked with Apple on coordinated disclosure. The full proof-of-concept code has been published alongside the write-up at ps.tc.Tag: Apple SecurityRelated Forum: iPhoneThis article, "Apple's A12 and A13 Chips Facing New Unpatchable Exploit" first appeared on MacRumors.comDiscuss this article in our forums

13 hours ago

Orion Innovation receives AWS Migration Competency certification for cloud transformation

Orion Innovation, a software engineering services partner, announces it has obtained Amazon Web Services (AWS) “Migratio...

1 sources 1 hour ago

Tech

GTA VI pre-orders set to open June 25 as Take-Two and Rockstar announce

Rockstar Games and publisher Take-Two Interactive announce that pre-orders for “Grand Theft Auto VI” will begin on June...

3 sources 11 hours ago

Tech

Midjourney unveils its first hardware: a full-body ultrasound scanner

Midjourney, known for its text-to-image AI, announces its first hardware product: “The Midjourney Scanner,” unveiled by...

3 sources 22 hours ago