gbhackers.com • 1w
Apple iPhone BootROM Vulnerability usbliter8
A critical hardware-level vulnerability in Apple's SecureROM (BootROM) enables privileged code execution on A12 and A13 devices through an exploit named 'usbliter8'. The flaw is a design weakness in the Synopsys DesignWare USB 2.0 (DWC2) controller: during USB Setup transactions the DMA pointer is incremented and reset inconsistently, so a crafted sequence of transfers drives the controller into a buffer underflow. On A13, where Pointer Authentication Codes (PAC) protect return and function pointers, the bypass combines heap corruption with manipulation of an interrupt handler, yielding EL1 (privileged) execution while the device sits in Device Firmware Update (DFU) mode. Exploitation therefore requires physical access to the device over USB with it placed in DFU mode. Because the BootROM is read-only memory fixed at chip fabrication, the bug cannot be closed by a software update; the only complete remediation is replacing the device with hardware whose BootROM does not contain the flaw.
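The bug class the article names (a DMA pointer that is rewound on a Setup token while a separate firmware-side counter is not, so that a later "walk back to the start of the data" computation lands before the buffer) is easiest to see in a small model. The following is an added illustration written for this page; it is not SecureROM, DWC2 or usbliter8 code, and the state layout, the `ep0_*` function names, the 64-byte endpoint buffer and the 16-byte/8-byte transfer sequence are all constructed assumptions chosen to make the mismatch visible. The vulnerable reset and the hardened reset are shown side by side, and the transfer-complete path is written the way a practitioner would want it: it refuses to copy when the computed start offset is negative or the end runs past the buffer.

```c
/* Constructed model of a control-endpoint DMA pointer/counter mismatch.
 * Not DWC2 register semantics and not the real SecureROM handler. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EP0_BUF_SIZE 64   /* assumed endpoint 0 buffer size */

typedef struct {
    uint8_t  buf[EP0_BUF_SIZE];
    uint8_t *dma_ptr;    /* controller-managed: where the next OUT byte lands */
    size_t   received;   /* firmware-managed: bytes accumulated this transfer */
} ep0_state_t;

void ep0_init(ep0_state_t *s)
{
    memset(s, 0, sizeof *s);
    s->dma_ptr  = s->buf;
    s->received = 0;
}

/* An OUT data packet is DMA'd to dma_ptr and both the pointer and the
 * firmware counter advance. Writes are bounded by the buffer end. */
bool ep0_data_out(ep0_state_t *s, const uint8_t *pkt, size_t n)
{
    size_t used = (size_t)(s->dma_ptr - s->buf);
    if (used + n > EP0_BUF_SIZE)
        return false;
    memcpy(s->dma_ptr, pkt, n);
    s->dma_ptr  += n;
    s->received += n;
    return true;
}

/* Vulnerable reset: a SETUP token rewinds the DMA pointer to the start of
 * the buffer, but the firmware's byte counter is left as it was. */
void ep0_setup_vuln(ep0_state_t *s)
{
    s->dma_ptr = s->buf;
}

/* Hardened reset: every piece of per-transfer state is reset together. */
void ep0_setup_fixed(ep0_state_t *s)
{
    s->dma_ptr  = s->buf;
    s->received = 0;
}

/* Transfer-complete logic that locates the received data by walking back
 * `received` bytes from dma_ptr. Computed as integers so the result is
 * well-defined even when it is negative; a negative value is a pointer
 * underflow (the "start" lies before the buffer). */
ptrdiff_t ep0_data_start_offset(const ep0_state_t *s)
{
    return (ptrdiff_t)(s->dma_ptr - s->buf) - (ptrdiff_t)s->received;
}

/* Guarded copy-out: returns the number of bytes copied, or -1 if the
 * bookkeeping is inconsistent (start before buffer or end past it). */
int ep0_copy_out(const ep0_state_t *s, uint8_t *dst, size_t dst_len)
{
    ptrdiff_t start = ep0_data_start_offset(s);
    size_t end = (size_t)(s->dma_ptr - s->buf);
    if (start < 0 || end > EP0_BUF_SIZE || s->received > dst_len)
        return -1;
    memcpy(dst, s->buf + start, s->received);
    return (int)s->received;
}

/* Scenario: 16 bytes of an OUT stage arrive, an unexpected SETUP token
 * interrupts the transfer, then 8 more bytes land. Returns the start offset
 * the completion path would compute under the chosen reset behaviour. */
ptrdiff_t run_scenario(bool hardened)
{
    ep0_state_t s;
    uint8_t chunk[16];
    ep0_init(&s);
    memset(chunk, 0x41, sizeof chunk);            /* constructed payload bytes */
    ep0_data_out(&s, chunk, 16);
    if (hardened) ep0_setup_fixed(&s); else ep0_setup_vuln(&s);
    ep0_data_out(&s, chunk, 8);
    return ep0_data_start_offset(&s);
}

int main(void)
{
    ep0_state_t s;
    uint8_t out[EP0_BUF_SIZE];
    printf("vulnerable start offset: %td\n", run_scenario(false));
    printf("hardened   start offset: %td\n", run_scenario(true));
    ep0_init(&s);
    ep0_data_out(&s, out, 16);
    ep0_setup_vuln(&s);
    ep0_data_out(&s, out, 8);
    printf("guarded copy-out on inconsistent state: %d\n", ep0_copy_out(&s, out, sizeof out));
    return 0;
}
```

With the vulnerable reset the counter reads 24 while the pointer sits 8 bytes into the buffer, so the completion path computes a start 16 bytes before the buffer; the hardened reset keeps both fields in step and the start is 0. The guard in `ep0_copy_out` is the check the firmware should have had: treat any negative start or out-of-range end as a protocol error and abort the transfer rather than trusting the arithmetic.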