Apple's A12 and A13 devices are now vulnerable to a new unpatchable BootROM exploit called usbliter8, which can enable arbitrary code execution on affected hardware. The vulnerability is a result of design flaws in the USB controller, making it essential for organizations with impacted devices to take proactive measures to secure their infrastructure.
The world of cybersecurity has just witnessed a significant escalation in the vulnerability landscape, as a new unpatchable BootROM exploit, known as usbliter8, has been discovered affecting Apple's A12 and A13 devices. This latest development comes on the heels of checkm8, another SecureROM vulnerability that left Apple's A5 to A11 devices vulnerable to exploitation.
According to researchers at Paradigm Shift, who published a working exploit on June 18, 2026, usbliter8 enables arbitrary code execution inside the SecureROM of affected devices. This means that even on newer models with more recent firmware updates, the same vulnerability persists due to hardware flaws in the USB controller.
The attack requires physical access to the device, as well as a dedicated RP2350-based microcontroller board, DFU mode, and a specific USB connection setup. While this may seem daunting for personal users, it presents a significant concern for enterprise security teams, government agencies, and anyone running sensitive operations on affected hardware.
The root cause of the vulnerability lies in the design of the DesignWare USB controller, which can lead to repeated buffer underflows and DMA pointer resets. This allows attackers to inject custom code into the device's memory, effectively bypassing Apple's security measures.
Researchers have demonstrated how usbliter8 works on A12 devices by overwriting control data and gaining code execution during a task switch. On A13 devices, however, Pointer Authentication protects stack-stored return addresses, making it more challenging for attackers to execute arbitrary code.
Peter Paganini, the author of Security Affairs newsletter Round 582, highlights that affected device families include iPhone XS, XS Max, XR, iPhone 11 series, and iPad Air third generation. A11 devices are not affected, while newer models with SecureROM versions A14 and later appear to be out of reach.
Researchers stress that even though newer generations have addressed the underlying issue, affected A12 and A13 devices will carry this vulnerability for their entire operational life. Therefore, it is crucial for organizations with affected hardware to accelerate refresh cycles toward A14 or newer models, establish strict policies around DFU mode and untrusted USB connections, and treat physical device custody as a security control.
As the first code that runs when an Apple device boots, SecureROM remains inaccessible once manufacturing. This means that even if Apple releases patches for this vulnerability in the future, older devices will not be able to benefit from them due to the permanent nature of this exploit.
The discovery of usbliter8 serves as a stark reminder that even with advancements in technology, certain vulnerabilities can persist due to hardware design flaws. As security experts warn, physical device custody should become an essential security control rather than just an administrative detail.