BootROM exploit "usbliter8" targets unpatachable SecureROM flaw in A12 and A13 iPhones
By
Carly Page
Summary
Security researchers at Paradigm Shift have disclosed a BootROM exploit called "usbliter8" affecting Apple's A12 and A13 chips, which powers devices like iPhone XS, XR, 11, and 11 Pro. The exploit targets a vulnerability in the immutable SecureROM code burned into silicon during manufacturing, meaning it cannot be patched via software updates. The only fix for affected users is to purchase a new device.
Source
Key quotes
· 3 pulledThe exploit, dubbed 'usbliter8' by security researchers at Paradigm Shift, targets a flaw in the SecureROM code found on the iPhone XS, XR, 11, and 11 Pro models, plus other devices powered by Apple's A12 and A13 processors.
Because the vulnerability resides in immutable BootROM code burned into silicon during manufacturing, it cannot be patched.
Owners of affected iPhones can stop checking for patches now: the fix for this SecureROM bug comes in a new handset
You might also wanna read

Unpatchable iPhone Exploit A12 A13 Chips: usbliter8 Explained
Critical Hardware Vulnerability Found in Apple A16 Bionic Chip Enabling Debug Logic on Production Devices
This repository documents a critical hardware vulnerability in Apple's A16 Bionic chip where debug logic meant for development silicon is ex
Exploit Enables Modification of iOS MobileGestalt.plist to Unlock iPad Features on iPhone
The article describes how a newly released exploit (itunesstored & bookassetd sbx escape) enables modification of the MobileGestalt.plist fi
idevicecentral.com·7mo agoApple patches critical iOS zero-day vulnerability exploited in targeted attacks
Apple has patched a critical zero-day vulnerability (CVE-2026-20700) affecting every iOS version since 1.0, discovered by Google's Threat An

Technical Analysis of macOS Boot Chain and Security Architecture on Apple Silicon
This technical article provides a comprehensive reverse engineering analysis of the macOS boot chain and security architecture on Apple Sili

Comments
Sign in to join the conversation.
No comments yet. Be the first.