Owners of affected iPhones can stop checking for patches now: the fix for this SecureROM bug comes in a new handset
A newly disclosed BootROM exploit affecting Apple’s A12 and A13 chips gives researchers a way to break the secure boot chain on millions of iPhones and other Apple devices.
The exploit, dubbed “usbliter8” by security researchers at Paradigm Shift, targets a flaw in the SecureROM code found on the iPhone XS, XR, 11, and 11 Pro models, plus other devices powered by Apple’s A12 and A13 processors. Because the vulnerability resides in immutable BootROM code burned into silicon during manufacturing, it cannot be patched.
The researchers traced the issue to the Synopsys DesignWare USB controller used by Apple. A flaw in how the hardware handles certain USB setup packets allows attackers to corrupt memory during Device Firmware Update (DFU) mode, and ultimately gain control of SecureROM itself.
That might sound like a minor moment in the boot process, but SecureROM sits at the very bottom of Apple’s chain of trust. If an attacker can compromise it, they can interfere with everything that comes afterward.
For ordinary iPhone owners, there is little reason to panic. Exploitation requires physical access to a device and the ability to place it into DFU mode, which means this isn’t the sort of bug criminals are likely to weaponize in phishing campaigns or drive-by attacks.
For security researchers, however, BootROM vulnerabilities are the gift that keeps on giving. Unlike software flaws that disappear after the next Patch Tuesday, these bugs remain exploitable for the lifetime of the hardware.
Paradigm’s proof-of-concept demonstrates the ability to run unsigned code during the boot