Ekhbary News Agency | May 15, 2024
Security researchers have unveiled a highly critical vulnerability, dubbed "usbliter8," impacting a wide array of Apple devices. This flaw, affecting A12 and A13 chips, alongside S4 and S5, is unpatchable via software updates, presenting a significant challenge for device security.
Nature of the Vulnerability
The issue stems from a subtle defect in the USB port controller components, coupled with specific firmware settings. When a device is placed into DFU mode, this flaw allows for the delivery of custom data that can confuse the USB controller. This, in turn, permits writing data to incorrect memory regions. Crucially, this defect could pave the way for executing custom code before the iOS system fully boots, potentially bypassing critical protection mechanisms and digital signature verification processes.
Read Also
- Abu Dhabi's Support Propels SPIA Sports Industry Awards to Unprecedented Success
- Saudi Commerce Ministry Recalls 1,169 Lucid Air Pure Vehicles Over Safety Defect
- Ford Teases Smallest, Most Affordable Electric Pickup for 2027 Launch
- Koenigsegg Jesko Absolut Smashes New World Speed Records
- Fast vs. Slow Charging: Impact on Electric Car Batteries in Saudi Arabia
Affected Devices and Exploitation Prerequisites
The list of affected devices is extensive, including various iPhone models, the third-generation iPad Air, iPad Mini 5, iPad 8 and 9, as well as the second-generation Apple TV 4K. Apple Watch Series 4, 5, and SE, along with the Apple Studio Display, are also vulnerable. Despite its severity, researchers confirmed the Secure Enclave, which stores sensitive data, remains unaffected. Importantly, exploiting usbliter8 necessitates physical access to the device, which diminishes remote attack vectors but does not negate its danger in cases of theft or direct access. Experts advise upgrading affected devices for enhanced data protection.
