Bymsoftnews 2 min read

Unpatchable BootROM Flaw Exposed in Apple's A12 and A13 Chips

Security firm Paradigm Shift disclosed usbliter8, a permanent vulnerability that grants arbitrary code execution on devices using Apple's A12 and A13 processors.

Unpatchable BootROM Flaw Exposed in Apple's A12 and A13 Chips

*Security firm Paradigm Shift disclosed usbliter8, a permanent vulnerability that grants arbitrary code execution on devices using Apple's A12 and A13 processors.*

The disclosure

On June 18, Paradigm Shift published technical details and a working proof-of-concept for an exploit named usbliter8. The flaw sits in the BootROM, also called SecureROM, the first code executed when an iPhone powers on. Because the BootROM is hard-coded into the silicon at manufacture, no software update can close the hole.

The exploit targets a bug in the USB controller built into the A12 and A13 chips. It allows arbitrary code execution during the boot process. Affected hardware includes the iPhone XS, XS Max, XR, and the entire iPhone 11 lineup, along with several iPad models and Apple Watch units that use the S4 and S5 chips.

Comparison to prior work

The new flaw continues a pattern that began with checkm8, released in 2019. That earlier exploit covered devices from the iPhone 4S through the iPhone X. usbliter8 now reaches the next generation of chips and extends the same class of permanent access to a later set of products.

No vendor statements or patches have appeared. The sources report only the researchers' findings and the affected chip list.

Why it matters

Devices carrying the A12 or A13 remain exposed for their entire service life. Owners of the iPhone XS through iPhone 11 series, and the listed iPads and Watches, cannot mitigate the risk through normal updates. For users who keep hardware beyond the typical three-to-four-year support window, the exposure is permanent. Security teams that rely on these models for testing or legacy applications now face an unfixable entry point that requires hardware-level controls instead of software fixes.

---

Sources:

{
  "excerpt": "Paradigm Shift disclosed usbliter8, an unpatchable BootROM exploit affecting Apple devices with A12 and A13 chips that enables permanent arbitrary code execution.",
  "suggestedSection": "security",
  "suggestedTags": ["apple", "bootrom", "exploit"],
  "imagePrompt": "An abstract close-up of a silicon wafer edge with faint circuit traces catching low side light, a small USB connector silhouette resting nearby on a matte surface. muted color palette, cinematic lighting, 16:9"
}

No comments yet

Continue reading