I'm not sure? what is the threat you're concerned about here?
My reading of this is that it's just removed the requirement to use a wired connection to a laptop to restore a phone that is already in DFU/restore mode - I'm not sure what attack/flaw you get from allowing the recovery path over wifi that would not already be an option with the existing wired path?
You can't bypass "all iPhone security" - this is a restore path: the phone is already in a state where it cannot boot, and cannot access user data. Once an iPhone is in a restore state (restore mode or DFU which afaict are only marginally different) it cannot do anything except install a new OS. If an iPhone is in a restore mode it is not in an "update the device mode" it's in a "the OS is dead and the user data is gone by default".
There are _some_ restore paths it is possible to not lose all of the data on the device, but that requires the user (on the device) to provide their passcode during the restore, and I think even requires their iCloud password to get through activation lock, and it takes like an hour to complete.
There's fundamentally no reason that this should be less secure than the existing state where restore requires a wired connection to a laptop.
Right. I was saying hypothetically if you had a big enough chain of exploits for all the various protections Apple has then this may let you use them without physically touching the device, only being really close.
But if you had that chain of exploits, who cares. You already won the game.
So I don’t think this matters to security.
Well, IF you have an exploit capable of bypassing all iPhone security you could now use it by setting something on someone’s phone for a few minutes instead of plugging into it.
Is that useful? Maybe. No fingerprints?
Of course you still need that billion dollar exploit first.