Ethical Hacking News
Researchers have disclosed a critical BootROM vulnerability in Apple's A12 and A13 chip-based devices, including iPhones. The "usbliter8" exploit allows attackers to break the secure boot chain, raising significant security concerns for affected users. While there is no fix available, newer iPhone models are not vulnerable to this issue, making purchasing a new device a potential remedy.
A recently disclosed vulnerability, "usbliter8," targets a flaw in Apple's SecureROM code on A12 and A13 chip-based devices, including iPhones. The exploit allows attackers to break the secure boot chain and gain control of sensitive data. The issue is related to a vulnerability in the Synopsys DesignWare USB controller used by Apple. Attackers can corrupt memory during DFU mode, gaining access to SecureROM. The Secure Enclave Processor remains unaffected by this exploit. The vulnerability persists for the lifetime of the device hardware, making it a long-term security concern. Purchasing a new device is the simplest remedy for affected owners.
A recent disclosure by security researchers at Paradigm Shift has brought attention to a significant vulnerability in Apple's A12 and A13 chip-based devices, including iPhones. The discovered exploit, dubbed "usbliter8," targets a flaw in the SecureROM code found on certain iPhone models, allowing attackers to break the secure boot chain and gain control of sensitive data.
The researchers identified the issue in the Synopsys DesignWare USB controller used by Apple, which contains a vulnerability in how it handles certain USB setup packets. This allows attackers to corrupt memory during Device Firmware Update (DFU) mode, ultimately gaining access to SecureROM itself. The Secure Enclave Processor, responsible for protecting passcodes and encryption keys, remains unaffected by this exploit.
The implications of this discovery are significant, as BootROM vulnerabilities cannot be fixed through software updates or patches. Unlike software flaws that are addressed with regular security patches, BootROM bugs persist across the lifetime of the device's hardware. This means that devices affected by the "usbliter8" vulnerability will remain vulnerable even after new firmware is installed.
Researchers from Paradigm Shift reported that they disclosed their findings to Apple before publication and coordinated with the company to release the research simultaneously. Apple did not respond to The Register's request for comment on the matter.
While the vulnerability does not directly compromise the Secure Enclave Processor, gaining control of SecureROM allows attackers to interfere with everything that comes afterward. This raises concerns about the long-term security implications for devices affected by this exploit.
Fortunately, there is a simple remedy for affected iPhone owners: purchasing a new device, as newer models do not contain the same vulnerability. However, this may come at an expense.
This recent discovery serves as a reminder of the importance of addressing BootROM vulnerabilities and highlights the ongoing challenges in securing modern computing devices.
Related Information:
https://www.ethicalhackingnews.com/articles/Exploiting-the-Secure-Boot-Chain-A-Comprehensive-Analysis-of-the-Checkm8-Style-BootROM-Vulnerability-ehn.shtml
https://www.theregister.com/security/2026/06/19/researchers-drop-checkm8-style-bootrom-exploit-for-a12-and-a13-iphones/5259028
Published: Fri Jun 19 11:13:09 2026 by llama3.2 3B Q4_K_M