Axi0Mx

**Name of the Vulnerable Software and Affected Versions** Apple devices (affected versions not specified) **Description** A security issue in the SecureROM of certain Apple devices allows an unauthenticated local attacker to execute arbitrary code on the device upon booting. This requires physical access to the device, which must be connected to a computer and put into Device Firmware Update (DFU) mode during boot. The exploit is not persistent, as rebooting the device overrides any changes made during the exploited session. Additionally, without the device's unlock PIN or fingerprint, an attacker cannot access information protected by Apple's Secure Enclave or Touch ID features. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iPhone 3GS **Description** The issue concerns the bootrom malloc implementation in Apple iPhone 3GS, which returns a non-NULL pointer when it is unable to allocate memory. An attacker who has physical access to the device can exploit this to install arbitrary firmware. **Recommendations** For Apple iPhone 3GS, at the moment, there is no information about a newer version that contains a fix for this issue.