New Unpatchable BootROM Vulnerability Discovered in Apple A12 and A13 Chips

[2026-06-18] Author: Risoluto Redazione

A significant security threat has emerged for Apple devices. Security research firm Paradigm Shift has released details of a BootROM vulnerability affecting Apple's A12 and A13 chips, along with a working proof-of-concept exploit named usbliter8. This hardware-level flaw cannot be fixed with software updates, leaving affected devices permanently vulnerable.

What is BootROM and why it matters

The BootROM, also known as SecureROM, is the first code executed by an iPhone when it powers on. Because it is embedded directly into the chip during manufacturing, any vulnerability found there is unpatchable. No iOS update can fix the issue; the only remedy is physical chip replacement, which is impractical for millions of users. The last publicly known BootROM exploit of this kind was checkm8, released in 2019 and affecting devices from iPhone 4S through iPhone X. usbliter8 now extends that history to the next generation, covering iPhone XS, XR, 11, and 11 Pro.

Technical workings of usbliter8

The exploit takes advantage of a bug in the USB controller integrated into Apple's chips. During startup, when an iPhone receives USB data, the controller uses a memory buffer to store incoming packets. Paradigm Shift discovered that by sending a specific sequence of unusually small packets, they could manipulate an internal hardware pointer, causing it to walk backwards through memory. This allows data to be written to locations it should never reach. The researchers emphasize that this appears to be a hardware bug in the USB controller itself, not a software error by Apple.

Not all chips are vulnerable. The A11 chip used in iPhone X is safe because its USB driver manually resets the pointer after each packet. Starting with the A14 chip, Apple correctly configured a memory protection feature at the BootROM level, making later generations secure. The A12 and A13 sit in a vulnerable middle ground: the bug is present, but mitigation is partial.

Differences between A12 and A13

On devices with the A12 chip, achieving code execution is relatively straightforward. On A13 chips, however, it is considerably harder because Apple introduced Pointer Authentication Codes (PAC), a security feature that detects and blocks certain types of memory tampering. Paradigm Shift had to develop a lengthy multi-step process to work around PAC, ultimately succeeding in taking control of the processor.

Once in control, the exploit installs a custom handler that survives a device restart. This handler adds two capabilities: temporarily lowering the device's security settings, and booting unsigned software without any verification checks. It also injects the traditional "PWND" string into the iPhone's USB serial number as a signal that the device has been compromised, a convention carried over from checkm8 and earlier exploits.
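For defenders, the "PWND" marker is something an intake or forensics workstation can check for when a device is attached in recovery/DFU mode. The following triage sketch is an added example, not code from Paradigm Shift or the original article; the serial-string field layout, the CPID-to-chip mapping and the sample strings are assumptions constructed for illustration.

```python
import re

# Assumption: CPID values as they appear in Apple's DFU serial string;
# this chip mapping is not given in the article.
CPID_TO_CHIP = {"8015": "A11", "8020": "A12", "8030": "A13", "8101": "A14"}
AFFECTED = {"A12", "A13"}      # chips the article lists as vulnerable
NOT_AFFECTED = {"A11", "A14"}  # chips the article lists as safe

# Fields look like KEY:value or KEY:[value], separated by spaces.
FIELD_RE = re.compile(r"\b([A-Z]{4}):(\[[^\]]*\]|\S+)")

def parse_serial(serial):
    """Split a DFU-style USB serial string into its fields."""
    return {key: value.strip("[]") for key, value in FIELD_RE.findall(serial)}

def triage(serial):
    """Classify one device from the serial string it presents over USB."""
    fields = parse_serial(serial)
    chip = CPID_TO_CHIP.get(fields.get("CPID", ""), "unknown")
    if "PWND" in serial:
        verdict = "compromised"   # marker described in the article
    elif chip in AFFECTED:
        verdict = "exposed"       # bug present, no marker seen
    elif chip in NOT_AFFECTED:
        verdict = "not-affected"
    else:
        verdict = "unknown"       # chip not covered by the article
    return {"chip": chip, "ecid": fields.get("ECID"), "verdict": verdict}

# Constructed sample strings (placeholder ECIDs and iBoot tags).
SAMPLES = [
    "CPID:8020 CPRV:11 CPFM:03 SCEP:01 BDID:0C "
    "ECID:0000000000000001 IBFL:3C SRTG:[iBoot-EXAMPLE]",
    "CPID:8030 CPRV:11 CPFM:03 SCEP:01 BDID:04 "
    "ECID:0000000000000002 IBFL:3C SRTG:[iBoot-EXAMPLE] PWND:[EXAMPLE]",
    "CPID:8101 CPRV:11 CPFM:03 SCEP:01 BDID:0C "
    "ECID:0000000000000003 IBFL:3C SRTG:[iBoot-EXAMPLE]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

A missing marker is not proof of a clean device: the string is a convention the exploit writes voluntarily, so "exposed" means only that no marker was observed on a chip the article lists as vulnerable.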

Security implications

While usbliter8 does not directly affect the Secure Enclave, a BootROM compromise of this kind opens up wider avenues for attacking it. Paradigm Shift stated that they reported the findings to Apple Product Security before publication and worked with Apple on coordinated disclosure. The full proof-of-concept code has been published alongside the write-up on their website.

This discovery comes at a time when mobile device security is under intense scrutiny. Recent attacks such as FortiBleed have compromised tens of thousands of firewalls, demonstrating that hardware vulnerabilities are increasingly targeted. The security community advises users to keep devices updated and exercise caution with untrusted USB connections, although for A12 and A13 devices no definitive software fix exists.

For a deeper understanding of BootROM, refer to the Wikipedia page on BootROM. The vulnerability will remain for the entire lifespan of affected devices, making user awareness crucial.

Source: https://www.macrumors.com/2026/06/18/a12-and-a13-chips-facing-exploit
