I'm seeing conflicting information.
I hear people say that if the phone is in AFU mode then they can easily get into the device.
But I'm wondering if it's really this straightforward:
According to the April 2024 matrix leaks, iOS 17.1-17.3 were not exploitable regardless of whether the phone was in AFU mode as of April 2024. That was about 5-6 months from when iOS 17.1 was released.
So for 5-6 months there was no way Cellebrite could hack an iOS that wasn't even the latest version at the time.
Then there was the June 2024 matrix that said iOS 17.4 was still in research. iOS 17.4 was released on the 5th of March, so about 3-4 months prior. I haven't seen any other matrices so can't comment on later versions.
Furthermore, I'm not sure if these matrices assume the device does not have USB restricted mode enabled, as that would require a separate exploit to bypass before the unlock exploit could be executed.
Cellebrite tend to market themselves to be better than what they are, e.g. "supports all iOS (if the phone is unlocked)" etc., so it wouldn't surprise me if they claimed to have an AFU exploit but could only use it if the phone was not in USBRM.
iOS 18.3.1 fixed a USBRM vulnerability that was being exploited by Cellebrite. I would assume that with that update they also generally hardened the USBRM beyond just fixing the vulnerability as they would have had some direction in where the vulnerabilities lie. And another USBRM exploit in the news after they just patched one wouldn't look good for Apple's security capabilities.
Now with the auto reboot feature, it would mean that if we assume the newer versions are not exploitable yet (i.e. ones that came out within about 3-4 months), then those phones will likely never be AFU exploited as they will reboot after 3 days.
That's assuming that Cellebrite haven't got faster at exploiting these updates than they were for iOS 17.1-17.4.
They would also need a bypass to the USB restricted mode as well as an unlock exploit.
Given that it took Cellebrite 5-6 months to exploit iOS 17.1 and 3-4 months to exploit iOS 17.4, is it reasonable to say that AFU isn't automatically a game over? Especially with USBRM and auto-reboot, where they only really have a 3-day exploit window, and that's if they can even bypass USBRM?