The article discusses the discovery of the usbliter8 exploit affecting Apple A12 and A13 devices, which allows arbitrary code execution within the SecureROM. This BootROM-level vulnerability is unpatchable, and exploiting it requires physical access, DFU mode, and a USB connection.
Researchers from Paradigm Shift published a report revealing how this flaw arises from a hardware issue in the Synopsys DWC2 USB controller, enabling attackers to gain control over affected devices, which include various iPhone, iPad, and Apple Watch models. The discovery echoes the previous checkm8 exploit and raises concerns about physical security for enterprise users. Countermeasures include accelerating hardware refresh cycles and enforcing strict policies regarding physical device custody.