usbliter8 security flaw leaves aging Apple devices vulnerable

Source Domain: www.cultofmac.com

Still holding onto an iPhone XS, XR or 11 because it gets the job done? There’s now a good reason to upgrade: usbliter8. This security flaw lets anyone with physical access to an older iPhone hijack the startup process, and Apple won’t be able to patch it with a software update.

That’s because it isn’t an iOS bug — the flaw is in the chip’s boot code, the first thing that runs when you turn on the device.

What the usbliter8 iPhone security flaw does

Security researchers at Paradigm Shift discovered the flaw, which they call usbliter8, publishing a detailed technical breakdown on Thursday. The firm said it worked with Apple before making the information public.

As for the flaw, it lives in the USB controller built into the older iPhone chips. When you plug an affected iPhone into a computer while it’s in Device Firmware Update (DFU) mode, the exploit sends a specific sequence of tiny USB packets.

It tricks an internal memory pointer into going backward instead of forward, allowing attackers to write data into the wrong parts of the memory.

From there, things get worse. The attacker can plant code that survives restarts and boot a piece of software not approved by Apple. It can even stamp a “PWND” tag directly into the USB serial number, something jailbreakers have been doing for years.

Which Apple devices are affected?

The security flaw affects the iPhone XR, iPhone XS, iPhone XS Max, iPhone SE (2nd gen) and the entire iPhone 11 lineup. It also reaches way beyond your pocket. Paradigm Shift says it extends to the iPad Air 3, iPad mini 5, eight- and ninth-gen iPad, Studio Display, Apple Watch Series 4 and 5, Watch SE (1st gen), Apple TV 4K (2nd gen) and even the HomePod mini.

Researchers go on to say that “technical support for A12X/Z is possible,” but it’s “not currently implemented.” That means the iPad Pro 2018 and 2020 could end up on the…

Source