hardbird
Vulnerability in SEPROM
Vulnerable in: A7
Disclosed: 26 September 2023 (2023-09-26)[1]
Discovered by: Proteas

The hardbird exploit is a SEPROM exploit that is currently known to be capable of executing unsigned code on the SEPs of devices with the A7 chip or any of its variants. This exploit can only function in combination with an AP BootROM exploit such as checkm8 or an iBoot exploit, as the SEP needs to be in SEPROM for the exploit to work.

The vulnerability

The vulnerability itself is quite similar to the one used by the blackbird exploit, which relies on a bug in how the TZ0 registers are set. The difference lies in the nature of the bug: on A7 it is not a loss of information during a shift. Instead, A7 neither ignores the higher bits set in the TZ0/1 registers nor errors out on the invalid input, which allows an attacker to modify the memory channel selectors; in other words, it is an input validation issue during channel selection.[2] Because Apple "fixed" this bug by shifting the registers, the blackbird exploit became exploitable instead.
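The paragraph above distinguishes three ways a register write can treat bits that fall outside the defined field: keep them as-is, silently discard them, or reject the write. The following C program is an added illustration of that distinction and is not code from the wiki or from any Apple component. It models a hypothetical 4-bit selector register; the field width, the register name and the constructed input value are assumptions and do not reflect the real TZ0/TZ1 register layout. It exists to show why a setter that neither masks nor validates its input is the weakest of the three behaviours.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model only: a selector register whose meaningful field is
 * 4 bits wide. Nothing here describes the actual SEP or TZ0/TZ1 hardware. */
#define FIELD_WIDTH 4u
#define FIELD_MASK  ((1u << FIELD_WIDTH) - 1u)

typedef struct {
    uint32_t selector;   /* value actually latched by the modelled register */
} reg_model_t;

/* Behaviour 1 (weakest): accept the raw value. Bits above the field width
 * survive and reach whatever consumes the register downstream. */
static bool write_unchecked(reg_model_t *r, uint32_t val) {
    r->selector = val;
    return true;
}

/* Behaviour 2: ignore higher bits by masking to the field width. */
static bool write_masked(reg_model_t *r, uint32_t val) {
    r->selector = val & FIELD_MASK;
    return true;
}

/* Behaviour 3: error out on invalid input by refusing any write that sets
 * bits outside the field; the latched value is left unchanged. */
static bool write_checked(reg_model_t *r, uint32_t val) {
    if ((val & ~FIELD_MASK) != 0u) {
        return false;
    }
    r->selector = val;
    return true;
}

/* True when the latched value carries bits outside the defined field,
 * i.e. the consumer may interpret it differently from the intended value. */
static bool latched_out_of_field(const reg_model_t *r) {
    return (r->selector & ~FIELD_MASK) != 0u;
}

int main(void) {
    /* Constructed input: field value 3 with an extra bit set above the field. */
    uint32_t input = 0x13u;
    reg_model_t a = {0}, b = {0}, c = {0};

    write_unchecked(&a, input);
    write_masked(&b, input);
    bool accepted = write_checked(&c, input);

    printf("unchecked: latched 0x%02x, out-of-field bits kept: %s\n",
           a.selector, latched_out_of_field(&a) ? "yes" : "no");
    printf("masked:    latched 0x%02x\n", b.selector);
    printf("checked:   write %s, latched 0x%02x\n",
           accepted ? "accepted" : "rejected", c.selector);
    return 0;
}
```

Of the three, only the unchecked variant lets out-of-field bits reach the latched value, which is the behaviour the article attributes to A7. Masking and rejecting are both defensible; rejecting has the added benefit that a caller can detect the invalid write rather than having it silently altered.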

References