CVE-2019-8900

Name of the Vulnerable Software and Affected Versions Apple devices (affected versions not specified)

Description A security issue in the SecureROM of certain Apple devices allows an unauthenticated local attacker to execute arbitrary code on the device upon booting. This requires physical access to the device, which must be connected to a computer and put into Device Firmware Update (DFU) mode during boot. The exploit is not persistent, as rebooting the device overrides any changes made during the exploited session. Additionally, without the device's unlock PIN or fingerprint, an attacker cannot access information protected by Apple's Secure Enclave or Touch ID features.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.