
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. The vulnerability is burned into silicon at manufacture, so no software update can reach it. Every affected device carries the flaw for its entire lifespan.
The exploit is the most significant BootROM compromise since the checkm8 exploit of 2019, which covered devices from the iPhone 4S through the iPhone X. checkm8 has been in active use by jailbreak communities, forensics firms, and law enforcement for seven years.
The flaw resides in the Synopsys DWC2 USB controller found in Apple’s A12, A13, S4, and S5 system-on-chips. When a device enters Device Firmware Update (DFU) mode, the controller buffers incoming USB packets via DMA. A bug in how it manages that buffer allows an attacker to push DMA writes into adjacent SRAM, corrupting the boot chain before Apple’s signature checks can load.
Devices affected include the iPhone XS, XS Max, XR, iPhone 11, 11 Pro, 11 Pro Max, iPhone SE (2nd generation), iPad Air (3rd generation), iPad mini (5th generation), iPad (8th and 9th generations), Apple Watch Series 4 and 5, and the first-generation Apple Watch SE. Devices with A11 or older and A14 or newer chips are not affected.
Attack requirements and risk profile
The exploit requires physical possession of the device in DFU mode, connected via USB to a dedicated RP2350-based microcontroller board. The attack completes in under two seconds, before Apple’s signed boot chain loads.
The attack cannot be triggered remotely, and Paradigm Shift researchers said they were unable to bypass Apple’s Data Protection, meaning user files, photos, and messages remain encrypted. However, a BootROM compromise of this depth could open broader attack paths toward the Secure Enclave over time.
“By releasing this exploit publicly, we hope to highlight the real-world impact of these hardware flaws and contribute to a broader understanding of modern SecureROM security,” the researchers wrote. “While newer generations have addressed the underlying issue, affected A12 and A13 devices will carry it for the remainder of their lifetime.”
What users should do
For most consumers, keeping devices in physical custody provides effective protection. Organisations with high-value targets (executives, legal teams, government personnel) should treat the vulnerability as a real physical threat and consider upgrading affected devices to newer hardware with A14 chips or later, where the underlying issue has been addressed.
The proof-of-concept code and technical write-up were published on June 18 after coordinated disclosure with Apple Product Security.
Sources: Older iPhones have an unfixable security flaw (ZDNet, June 22, 2026); Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain (The Hacker News, June 19, 2026); usbliter8 GitHub repository (Paradigm Shift)

