InfoSecBulletin Cybersecurity for mankind
Researchers at cybersecurity firm Paradigm Shift found a new flaw called usbliter8. This flaw can get around main boot protections on many older Apple devices, like iPhones with A12 and A13 chips.
The study describes an attack on SecureROM, which is the first code that loads when an Apple device turns on. It is key to the company’s secure boot process. Since SecureROM is built into the hardware during production, problems here can’t be solved with regular software updates.
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
The researchers said the problem joins a hardware flaw in a USB controller with a weak firmware setup to break Apple’s boot process and get into the system.
“By publishing this research and the accompanying proof of concept, we aim to document the real-world impact of this class of hardware vulnerabilities, contribute to the broader understanding of modern BootROM security, and demonstrate that even recent SecureROM generations remain susceptible to subtle hardware flaws,” Paradigm Shift wrote in its disclosure.
Usbliter8 chains a USB controller bug and a device firmware configuration weakness. The exploit, which requires physical USB access to the targeted device, works against iPhones with A12 and A13 chips — including iPhone XS, XR, and 11 — and Apple Watches with S4 and S5 chips. It’s worth noting that the affected chips were released in 2018 and 2019.
However, the exploit cannot directly be used to access user data. The researchers noted in their disclosure that Apple’s Secure Enclave Processor (SEP), a separate security processor that protects user data, is not directly compromised by the exploit.
“Although usbliter8 doesn’t affect SEP itself, it opens up wider attack vectors to compromise the Secure Enclave,” Paradigm Shift researchers explained.
“By publishing this research and the accompanying proof of concept, we aim to document the real-world impact of this class of hardware vulnerabilities, contribute to the broader understanding of modern BootROM security, and demonstrate that even recent SecureROM generations remain susceptible to subtle hardware flaws,” the company’s researchers noted.
UPDATE:
Apple told that “its devices are designed with multiple layers of security in order to protect against a wide range of potential threats, and pointed out that iPhone, iPad and Watch models with A14/S6 or newer chips are not affected, and neither are any Mac devices.
The company also noted that the Usbliter8 exploit does not bypass data protection mechanisms, and user information such as files, photos, or messages cannot be directly accessed via exploitation of this vulnerability.
Apple said that while the vulnerability was fixed years before this research in its newer devices, it still appreciates the researchers sharing their work.”
