qr1 How can the phone still boot if there are persistent modifications like that? I thought that was the point of Verified Boot? Would a re-flash fix it in that case?
There was no modification. They were designed like this, with this flaw. An open door in the hardware.
Maybe an attacker's session would reset after a reboot. The bootloader restores everything. But the hardware flaw still exists and the attacker still knows where the open door is.
There could be none, or hundreds of exploits and vulnerabilities that no one knows about, or that those who know keep secret. Either for malicious purposes or to fix them as soon as possible before they become public.
Edit: In the baseband case it was particularly damaging because an attacker would only need to know your phone number. So it got the attention of everyone.
But if you were to read the security updates, there are many similar things being patched or fixed every day.