New iPhone BootROM Flaw Enables Hardware-Level Compromise
ID: 9b683517-b5f2-5b9b-802b-6a71b92c00a8
STIX ID: report--9b683517-b5f2-5b9b-802b-6a71b92c00a8
Feed Name: The Cyber Express
The report details a proof-of-concept exploit named "usbliter8" that abuses a DMA pointer/reset flaw in the Synopsys DesignWare USB2 (DWC2) controller to trigger buffer underflows and controlled memory corruption on Apple A12, A13, and Apple Watch S4/S5 devices. Researchers achieved SecureROM code execution (including EL1 privileges), built ROP chains and bypasses for PAC-protected platforms, and demonstrated persistent BootROM modifications allowing unsigned iBoot images; because the vulnerability resides in immutable BootROM/SecureROM, affected devices remain permanently exposed and hardware replacement is the primary mitigation.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
