Bymsoftnews 2 min read

New BootROM Exploit Extends Checkm8 to A12 and A13 Devices

Security firm Paradigm Shift released details of usbliter8, an unpatchable vulnerability that grants arbitrary code execution on devices using Apple's A12 and A13 chips.

New BootROM Exploit Extends Checkm8 to A12 and A13 Devices

*Security firm Paradigm Shift released details of usbliter8, an unpatchable vulnerability that grants arbitrary code execution on devices using Apple's A12 and A13 chips.*

The disclosure

On June 18, Paradigm Shift published technical details and a working proof-of-concept for usbliter8. The exploit targets the BootROM, also called SecureROM, inside A12 and A13 chips. Because the code is fixed at manufacture, the flaw cannot be corrected by any later software update.

The same firm previously documented checkm8 in 2019, which affected devices from the iPhone 4S through the iPhone X. usbliter8 moves the same class of attack forward to the next generation of silicon.

Affected hardware

The vulnerability reaches the iPhone XS, XS Max, XR, and the entire iPhone 11 lineup. Several iPad models that use the same chips are also exposed. Apple Watch units built around the S4 and S5 processors inherit the same exposure.

The root cause sits in the USB controller logic that runs during the earliest stage of boot. An attacker with physical access can trigger the flaw to load and execute arbitrary code before the operating system starts.

Technical scope

The BootROM executes first when power is applied. Any compromise at that layer persists for the life of the device. Earlier checkm8-style attacks already demonstrated persistent low-level access on older hardware; usbliter8 simply widens the set of chips that share the same permanent weakness.

No software mitigation is possible. Apple cannot issue a patch, and users cannot remove the exposure through normal updates or resets.

Why it matters

Owners of A12- and A13-based hardware now face a permanent attack surface that only hardware replacement can close. For most users the risk remains low in daily use, yet the existence of public, reliable code execution at the BootROM level reduces the effective lifetime of these devices in any security-sensitive context. Future research will likely treat the affected chips as permanently open at the lowest layer.

---

Sources:

{
  "excerpt": "Paradigm Shift disclosed usbliter8, an unpatchable BootROM exploit that grants arbitrary code execution on A12 and A13 Apple devices.",
  "suggestedSection": "security",
  "suggestedTags": ["apple-security", "bootrom-exploit"],
  "imagePrompt": "An abstract close-up of a silicon wafer fragment resting on a dark matte surface, with faint circuit traces illuminated by a single cool light source from the side, suggesting embedded hardware flaws. muted color palette, cinematic lighting, 16:9"
}

No comments yet

Continue reading