Vulnerability in SecureROM | |
---|---|
Software |
|
Vulnerable versions | ? |
Fixed in version | ? |
Disclosed | 13 January 2023[1] |
Discovered by | q3k |
wInd3x is a bootrom exploit for the iPod nano 3rd through 5th generation, and the iPod classic (6th generation). It is assumed that the iPhone, iPhone 3G, and iPod touch are also vulnerable.
The vulnerability is in the DFU mode USB stack, where a user-controlled parameter passed in a SETUP
packet is used to index an array without bounds checking. The exploit is named after the wIndex
field in the struct that comprises the data from the USB packet.[1]
External Links
- wInd3x, the iPod Bootrom exploit 10 years too late writeup by q3k