{"id":17626,"date":"2026-06-20T09:51:53","date_gmt":"2026-06-20T16:51:53","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=17626"},"modified":"2026-06-20T09:51:53","modified_gmt":"2026-06-20T16:51:53","slug":"new-unpatchable-exploit-targets-apple-devices-with-a12-and-a13-chips","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2026\/06\/20\/new-unpatchable-exploit-targets-apple-devices-with-a12-and-a13-chips\/","title":{"rendered":"New Unpatchable Exploit Targets Apple Devices With A12 and A13 Chips"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">As a general rule, you should control access to your computers and not leave them somewhere public and unattended. And with big tech cooperating with governments, are these exploits left on purpose?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/9to5mac.com\/2026\/06\/18\/new-unpatchable-exploit-targets-apple-devices-with-a12-and-a13-chips\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/9to5mac.com\/2026\/06\/18\/new-unpatchable-exploit-targets-apple-devices-with-a12-and-a13-chips\/<\/a><\/p>\n\n\n<div class=\"wp-block-ub-divider ub_divider ub-divider-orientation-horizontal\" id=\"ub_divider_0217287d-9429-4d10-9e74-7f5ae1ea34ee\"><div class=\"ub_divider_wrapper\" style=\"position: relative; margin-bottom: 2px; width: 100%; height: 2px; \" data-divider-alignment=\"center\"><div class=\"ub_divider_line\" style=\"border-top: 2px solid #ccc; margin-top: 2px; \"><\/div><\/div><\/div>\n\n\n<p class=\"wp-block-paragraph\">By Marcus Mendes<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/9to5mac.com\/wp-content\/uploads\/sites\/6\/2023\/09\/Apple-Silicon-chips.jpg?quality=82&amp;strip=all&amp;w=1600\" alt=\"Apple Silicon chip arm iPhone iPad Mac\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Researchers at Paradigm Shift have published the technical details of usbliter8, a new unpatchable iPhone BootROM 
vulnerability that enables arbitrary code execution on devices powered by Apple\u2019s A12 and A13 chips. Here are the details.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How usbliter8 works<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In a highly detailed <a href=\"https:\/\/ps.tc\/pages\/blog-usbliter8.html\">technical post<\/a> published today, the Paradigm Shift Team details <code>usbliter8<\/code>, a new exploit that \u201cleverages both a hardware bug in the USB controller and a specific configuration flaw present in the device firmware\u201d and cannot be patched.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The PS Team explains that ahead of today\u2019s disclosure, it shared its findings and worked with Apple Product Security to coordinate the release. The researchers also thanked Apple\u2019s security team for its \u201cprompt response, constructive engagement, and cooperation throughout\u201d the process.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In a nutshell, this bug affects the following Apple SoCs: A12, S4, S5, and A13. 
Although the authors only explicitly mention the iPhone in their write-up, these are the devices equipped with these SoCs:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>A12:<\/strong>\u00a0iPhone XR, iPhone XS\/XS Max, iPad Air 3, iPad mini 5, iPad 8, and second-generation Apple TV 4K<\/li>\n\n\n\n<li><strong>S4:<\/strong>\u00a0Apple Watch Series 4<\/li>\n\n\n\n<li><strong>S5:<\/strong>\u00a0Apple Watch Series 5, first-generation Apple Watch SE, and HomePod mini<\/li>\n\n\n\n<li><strong>A13:<\/strong>\u00a0iPhone 11\/11 Pro\/11 Pro Max, second-generation iPhone SE, iPad 9, and Studio Display<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">They add that \u201ctechnical support for A12X\/Z is possible,\u201d but \u201cit is not currently implemented.\u201d That could add the 2018 and 2020 iPad Pro lineups to the list.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>usbliter8<\/code> works by sending specially crafted data to a device over USB while it is in DFU mode, confusing the USB controller and causing it to write data to the wrong part of memory.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/9to5mac.com\/wp-content\/uploads\/sites\/6\/2026\/06\/usbliter8.jpg?quality=82&amp;strip=all&amp;w=1024\" alt=\"\" class=\"wp-image-1057511\"\/><figcaption class=\"wp-element-caption\">Image: <a href=\"https:\/\/ps.tc\/pages\/blog-usbliter8.html\">Introducing usbliter8<\/a><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">That gives an attacker with physical access to the device control over its startup process. 
From there, they can run their own code before iOS loads, bypass signature checks, and boot modified system software.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Importantly, the exploit does not affect or compromise the device\u2019s Secure Enclave, which in practice means that data such as passcodes and encrypted user data remain secure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That said, PS Team says that \u201calthough <code>usbliter8<\/code> doesn\u2019t affect SEP itself, it opens up wider attack vectors to compromise the Secure Enclave,\u201d adding that \u201cby releasing this exploit publicly, we hope to highlight the real-world impact of these hardware flaws and contribute to a broader understanding of modern SecureROM security.\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The PS Team explains that there are different methods for leveraging the exploit on A12, S4, S5, and A13 chips, with the A13 exploit being more intricate because its SecureROM uses Pointer Authentication, or PAC, a security feature designed to prevent attackers from redirecting code execution.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, the researchers found a way around PAC by carefully corrupting several parts of memory in stages, eventually taking control of the USB interrupt handler and using it to run their own code.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What now?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Given that this is also an unpatchable exploit, the researchers note that \u201caffected users should be aware that migrating to newer hardware remains the most effective mitigation.\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Interestingly, this exploit doesn\u2019t affect the A11 or earlier chips, which are vulnerable to a separate unpatchable BootROM exploit <a href=\"https:\/\/9to5mac.com\/2019\/09\/03\/ios-exploit-market-report\/\">known as checkm8<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">After that exploit was discovered, it became the 
foundation for several jailbreak tools targeting older iPhones and iPads, so it is possible that the same might happen with the devices affected by <code>usbliter8<\/code>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In addition to the technical write-up, the researchers also published a proof-of-concept project on <a href=\"https:\/\/github.com\/prdgmshift\/usbliter8\">GitHub<\/a>, which has amassed more than 280 stars in just a few hours.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Their write-up of the process is highly technical but a fascinating read. To learn more about <code>usbliter8<\/code> and how it works, <a href=\"https:\/\/ps.tc\/pages\/blog-usbliter8.html\">follow this link<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As a general rule, you should control access to your computers and not leave them somewhere public and unattended. And with big tech cooperating with governments, are these exploits left on purpose? https:\/\/9to5mac.com\/2026\/06\/18\/new-unpatchable-exploit-targets-apple-devices-with-a12-and-a13-chips\/ By Marcus Mendes Researchers at Paradigm Shift have published the technical details of usbliter8, a new unpatchable iPhone BootROM vulnerability that enables 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,7],"tags":[],"class_list":["post-17626","post","type-post","status-publish","format-standard","hentry","category-tech","category-world"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/17626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=17626"}],"version-history":[{"count":1,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/17626\/revisions"}],"predecessor-version":[{"id":17627,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/17626\/revisions\/17627"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=17626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=17626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=17626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}