wInd3x

wInd3x
Vulnerability in SecureROM
Software	iPod nano (3rd - 5th generation); iPod classic (6th generation); iPhone 3G (assumed); iPhone (assumed); iPod touch (assumed);
Vulnerable versions	?
Fixed in version	?
Disclosed	13 January 2023
Discovered by	q3k

wInd3x is a bootrom exploit for the iPod nano 3rd through 5th generation, and the iPod classic (6th generation). It is assumed that the iPhone, iPhone 3G, and iPod touch are also vulnerable.

The vulnerability is in the DFU mode USB stack, where a user-controlled parameter passed in a SETUP packet is used to index an array without bounds checking. The exploit is named after the wIndex field in the struct that comprises the data from the USB packet.^[1]

External Links

wInd3x, the iPod Bootrom exploit 10 years too late writeup by q3k

References

^ ^a ^b https://q3k.org/wInd3x.html

This exploit article is a stub. Please add more content to this article and remove this tag.

[q3k-1] ttps://q3k.org/wInd3x.html

[1]

v t e Exploits
Exploits	0x24000 Segment Overflow ARM Exception Vector Info Leak ARM7 Go AT+FNS AT+XAPP Vulnerability AT+XEMN Heap Overflow AT+XLOG Vulnerability AT+stkprof amfid Lazy Binding Exploit amfid Text Relocation Exploit BPF_STX Kernel Write Exploit CVE-2013-0964 CVE-2021-30773 CVE-2021-30807 CVE-2021-30883 CoreTrust Root Certificate Validation Vulnerability De Rebus Antiquis diags (iBoot command) Dual Boot Exploit Dynamic memmove() locating Fakeblank HFS Heap Overflow HFS Legacy Volume Name Stack Buffer Overflow iBoot Environment Variable Overflow IOPlatformArgs leak IOSurface Kernel Exploit IOUSBDeviceFamily Vulnerability IPSF Incomplete Codesign Exploit iran JerrySIM Kernel memory write via ROP gadget launchd.conf Untether MacDirtyCow Malformed CFF Vulnerability Malformed PairRequest Minus 0x20000 with Back Extend Erase Minus 0x400 MobileBackup Copy Exploit ndrv_setspec() Integer Overflow Overlapping Segment Attack Packet Filter Kernel Exploit posix_spawn kernel information leak Psychic Paper Pwnage Pwnage 2.0 Racoon String Format Overflow Exploit Ramdisk Hack SHA-1 Image Segment Overflow Shebang Trick ... further results
Patches	/private/etc/fstab AMFI Binary Trust Cache Patch ASR Crazeles hgsp4 patch Hunnypot Kernel Patches PE_i_can_has_debugger Patch Sandbox Patch Signature Check Patch tfp0 patch vm_map_enter Patch vm_map_protect Patch

Vulnerability in SecureROM
Software	iPod nano (3rd - 5th generation) iPod classic (6th generation) iPhone 3G (assumed) iPhone (assumed) iPod touch (assumed)
Vulnerable versions	?
Fixed in version	?
Disclosed	13 January 2023^[1]
Discovered by	q3k