New unpatchable exploit targets Apple devices with A12 and A13 chips - 9to5Mac

Researchers at Paradigm Shift have published the technical details of usbliter8, a new unpatchable iPhone BootROM vulnerability that enables arbitrary code execution on devices powered by Apple’s A12 and A13 chips. Here are the details.

How usbliter8 works

In a highly detailed technical post published today, the Paradigm Shift Team details usbliter8, a new exploit that “leverages both a hardware bug in the USB controller and a specific configuration flaw present in the device firmware” and cannot be patched.

The PS Team explains that ahead of today’s disclosure, it shared its findings and worked with Apple Product Security to coordinate the release. The researchers also thanked Apple’s security team for its “prompt response, constructive engagement, and cooperation throughout” the process.

In a nutshell, this bug affects the following Apple SoCs: A12, S4, S5, and A13. Althrough the authors only explicitly mention the iPhone in their write-up, these are the devices equipped with these SoCs: