Bymsoftnews 2 min read

New Unpatchable BootROM Exploit Hits A12 and A13 Apple Devices

Security researchers at Paradigm Shift disclosed usbliter8, a permanent vulnerability in the SecureROM of A12 and A13 chips that cannot be fixed by software updates.

New Unpatchable BootROM Exploit Hits A12 and A13 Apple Devices

*Security researchers at Paradigm Shift disclosed usbliter8, a permanent vulnerability in the SecureROM of A12 and A13 chips that cannot be fixed by software updates.*

The disclosure

Paradigm Shift published technical details and a working proof-of-concept exploit named usbliter8 on June 18. The flaw resides in the BootROM, also called SecureROM, the first code executed when an Apple device powers on. Because this code is etched into the silicon at manufacture, the vulnerability affects every device built around the A12 and A13 chips for the remainder of their service life.

The exploit takes advantage of a bug in the USB controller integrated into these chips. It grants arbitrary code execution during the boot process, similar to the earlier checkm8 exploit released in 2019. Where checkm8 covered devices from the iPhone 4S through the iPhone X, usbliter8 extends the same class of attack to the iPhone XS, XS Max, XR, and the entire iPhone 11 series.

Affected hardware

The vulnerability reaches beyond iPhones. Several iPad models using A12 and A13 chips are exposed, as are Apple Watch models that contain the S4 and S5 chips. No software or firmware update can close the hole; the only practical mitigations are physical security controls or device replacement.

Comparison with prior work

checkm8 demonstrated that BootROM bugs in Apple silicon can remain exploitable for years after disclosure. usbliter8 follows the same pattern on the next generation of chips. The researchers provided enough detail for others to reproduce the attack, which means public tools built on this work are likely to appear.

Why it matters

Owners of A12- and A13-era hardware now face a permanent attack surface that no future iOS or watchOS release will remove. For most users the risk remains low in daily use, yet the existence of a reliable BootROM exploit simplifies advanced attacks such as persistent jailbreaks or forensic extraction. Devices that cannot receive newer silicon will carry this exposure until they are retired.

---

Sources:

{
  "excerpt": "Paradigm Shift disclosed usbliter8, an unpatchable BootROM exploit affecting A12 and A13 devices including iPhone XS through iPhone 11 models.",
  "suggestedSection": "security",
  "suggestedTags": ["apple", "security", "exploit", "bootrom"],
  "imagePrompt": "A close-up of a silicon wafer fragment resting on a dark workbench, with faint circuit traces visible under low side light and a USB cable lying beside it. Muted color palette, cinematic lighting, 16:9."
}

No comments yet

Continue reading