- A working exploit achieves arbitrary code execution within the SecureROM of Apple’s A12 and A13 chips by abusing a flaw burned into the silicon.
- Affected devices, including iPhone XS through iPhone 11 models and various iPads and Apple Watches, cannot be patched with any software update.
- The attack requires physical access and DFU mode, and a proof of concept was made public on June 18, 2026.

Security researchers at Paradigm Shift have published a functional hardware exploit targeting Apple’s A12 and A13 chips, achieving code execution before the signed boot chain loads. This vulnerability, detailed in a technical write-up and a public proof of concept on June 18, 2026, permanently affects a range of devices due to a silicon-level flaw.
Consequently, millions of iPhones, iPads, and Apple Watches containing these chips cannot receive a software fix. The exploit, dubbed usbliter8, extends the permanent jailbreak condition previously seen in older chips to newer hardware generations.
The root cause is a hardware bug in the Synopsys DWC2 USB controller combined with an insecure configuration of Apple’s DART IOMMU. This combination allows carefully crafted USB packets to underflow a DMA buffer and overwrite critical memory inside SecureROM.
Gaining control requires overwriting a saved link register on the A12 or bypassing Pointer Authentication on the A13. After exploitation, attackers can demote the SoC’s production mode or boot unsigned iBoot images, stepping outside Apple’s chain of trust entirely.
However, the research team notes this does not demonstrate a compromise of the Secure Enclave processor. “BootROM-level control may open new routes for attacking it,” the Paradigm Shift report warns.
Meanwhile, the public release of the exploit code means the technique is now available as a tool. For most users, the practical risk remains low as the attack requires physical possession, DFU mode, and specific hardware.
For high-security environments, this becomes a hardware-retirement issue. Organizations are advised to inventory affected A12, A13, S4, and S5 devices and prioritize replacing them with newer models built on unaffected chips such as the A14.
