Apple's A12 and A13 Chips Facing New Unpatchable Exploit

[robvalentine]

Curious if this is one of the exploits the Israeli software Pegasus utilizes.

They use several different vulnerabilities for their malware. quite often they use several zero days in tandem, and send an iMessage, or sms which is zero click. This vulnerability uses USB so I think you would need physical access.

 

[dominiongamma]

If the jailbreaking community was still active, this could've ended up being very useful. I miss those days...

Sucks the community gave up on iOS, they really pushed iOS forward

 

[klasma]

To be fair, there are a few oddball devices that have these chips that they didn't list.

Well, Jseeker didn’t ask for all affected devices to be listed. 😉

 

[Abydos]

all I can say is we should not be shocked , wary perhaps . does the exploit survive an os upgrade or a firmware upgrade

 

[IIGS User]

Whew, lucky I'm still rocking this bad boy

View attachment 2639406

I'm old enough that I had one of those when they were new and high tech.

200 minutes a month, oh the horror.

 

[burgman]

I think the point is that someone could hack your device if they got ahold of it.

Don't need to get ahold of the device. Owner Just has to plug in a USB cable or device that has the exploit installed.

 

[kkclstuff]

Here is the complete list of Apple devices powered by the A12, A12X, A12Z, and A13 chips, ordered chronologically by their release date:


A12 Bionic Devices [wiki]

• iPhone XS: September 21, 2018
• iPhone XS Max: September 21, 2018
• iPhone XR: October 26, 2018
• iPad Air (3rd generation): March 18, 2019
• iPad mini (5th generation): March 18, 2019
• iPad (8th generation): September 18, 2020
• Apple TV 4K (2nd generation) (no external USB/Lightning access): May 21, 2021

A12X Bionic Devices [wiki]

• iPad Pro 11-inch (1st generation): November 7, 2018
• iPad Pro 12.9-inch (3rd generation): November 7, 2018

A12Z Bionic Devices [wiki]

• iPad Pro 11-inch (2nd generation): March 25, 2020
• iPad Pro 12.9-inch (4th generation): March 25, 2020
• Developer Transition Kit (Mac mini prototype): June 22, 2020

A13 Bionic Devices [wiki]

• iPhone 11: September 20, 2019
• iPhone 11 Pro: September 20, 2019
• iPhone 11 Pro Max: September 20, 2019
• iPhone SE (2nd generation): April 24, 2020
• iPad (9th generation): September 24, 2021
• Apple Studio Display: March 18, 2022

thank you, just about to post this... (this is pertinent)

 

[singularity0993]

I suppose it is finally possible to run the full iOS on Studio Display?

 

[noraa]

So...you have to plug it into USB? I haven't plugged my phone into anything in about 4 years.

I think the biggest issue would be if law enforcement seized your phone. Otherwise, requiring physical access makes this exploit not a big deal for the vast majority of people.

 

[Dark-Signature]

I have still a blocked iPhone 11 here (with the Apple ID of my ex wife on it). Would it be possible to use the exploit to remove the iPhone from the Apple account and reset it so that I can use it again?

 

[Squidiey]

Me with a 14 pro and M2 iPad Pro thinking I'm just fine...then realizing "Oh no, my 2022 Studio Display!"

Glad that I have an ASUS monitor

/s

 

[Squidiey]

If the jailbreaking community was still active, this could've ended up being very useful. I miss those days...

They still exist... under the Earth's mantle layer

 

[jakey rolling]

So...you have to plug it into USB? I haven't plugged my phone into anything in about 4 years.

Do you ever use a third-party USB cable or charger to charge your phone?

 

[Happy_John]

I think the point is that someone could hack your device if they got ahold of it.

Theoretically they could. But, realistically, there are a lot of easier ways to get whatever data you wanted from someone's phone, probably the simplest would be to comic the person to give you that data either through intimidation, trickery or manipulation.

Unless you are a journalist, politician, activist, working in restricted or sensitive material etc, these type of USB-based exploits shouldn't be your top priority, and instead it's probably worth worrying far more about who you share information with in the real world, and not type in your passcode in your phone where people can easily see you doing it.

 

[Happy_John]

Sucks the community gave up on iOS, they really pushed iOS forward

The iPhone jailbreaking community is a victim its own success - most of the useful functionality that was only available through jailbreaking your iPhone in the early days has now been sherlocked into "standard" iOS. The ability to download files directly onto your phone, as one example.

 

[gregmac19]

I think the biggest issue would be if law enforcement seized your phone. Otherwise, requiring physical access makes this exploit not a big deal for the vast majority of people.

It is a big deal, because if your phone is lost or is stolen, a malicious person could steal important data on your phone! I don’t want to replace my iPhone SE2, but this exploit gives me pause.

 

[Yr Blues]

LOL, they're probably using AI to hack iPhones. We're going to end up destroying the internet thanks to smart people.

 

[discuit]

The iPhone jailbreaking community is a victim its own success - most of the useful functionality that was only available through jailbreaking your iPhone in the early days has now been sherlocked into "standard" iOS. The ability to download files directly onto your phone, as one example.

Yep. I remember when jailbreaking was the only way to get quick settings control before iOS 7's Control Center (SBSettings) and the only way use wallpaper before iOS 4 (Winterboard).

 

[macfacts]

So...you have to plug it into USB? I haven't plugged my phone into anything in about 4 years.

A thief won't care and will probably want to plug in a usb to exploit it, honor system be damned.

 

[lotones]

Me with a 14 pro and M2 iPad Pro thinking I'm just fine...then realizing "Oh no, my 2022 Studio Display!"

I think this will affect Apple TV 4K 2nd gen, as well. 😕

since apparently physical access is needed you should be fine, unless you're one of those schmoes that brings their Studio Display down to the coffee shop.

same with the Apple TV... it's usually locked away at home, though beware of evil tech genius housecleaners...

 

[headlessmike]

LOL, they're probably using AI to hack iPhones. We're going to end up destroying the internet thanks to smart people.

The internet was doomed anyway. It’s the circle of life: a new technology emerges and it’s all fun and games until companies figure out how to maximize their profits and we end up with maximum en********ation.

 

[JoForumBlueGold]

since apparently physical access is needed you should be fine, unless you're one of those schmoes that brings their Studio Display down to the coffee shop.

same with the Apple TV... it's usually locked away at home, though beware of evil tech genius housecleaners...

I will bring the Studio Display to the coffee shop, connected to my iMac I use for Apple Pay as I please