Security researchers at Paradigm Shift have published a detailed report describing a security vulnerability affecting several Apple devices. The flaw, called “usbliter8,” is linked to the USB system and certain Apple silicon chips.
Impossible to Fix
According to the report, the exploit is caused by a hardware bug in the USB controller along with a firmware configuration flaw. Since the problem exists at the hardware level, it is considered unpatchable.
However, the researchers noted that an attacker must have physical access to the device to take advantage of the vulnerability.
When a device is placed in Device Firmware Update (DFU) mode, specially crafted data can be sent over USB. This can confuse the USB controller and force it to write data to the wrong area of memory, allowing custom code to run before iOS starts. As a result, an attacker could bypass signature checks and run modified system software.
The researchers said the exploit does not compromise Apple’s Security Enclave, which stores encrypted information such as passcodes and other sensitive user data.
Affected Devices
The usbliter8 exploit affects devices powered by Apple’s A12, A13, S4, and S5 chips. This includes the iPhone XR, iPhone XS, iPhone XS Max, iPad Air 3, iPad mini 5, iPad 8, second-generation Apple TV 4K, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone SE, iPad 9, Studio Display, Apple Watch Series 4, Apple Watch Series 5, and Apple Watch SE.
Researchers say owners of these devices should be aware of the issue because it cannot be fixed through a software update.
Only Long-Term Solution
Researchers said Apple worked closely with them to address the issue where possible. However, because the vulnerability is rooted in hardware, the most effective way to protect against it is to upgrade to a newer device, especially if there is a risk of the phone being stolen.
Interestingly, the researchers also noted that older Apple devices using the A11 chip are not affected by the usbliter8 exploit.
Stay Connected with ProPakistani
Get the latest tech news, telecom insights, and product launches wherever you prefer.
Add ProPakistani to Preferred Sources and see more of our stories in Google Search and Top Stories.
