BootROM Exploit “Usbliter8” Lets Attackers Bypass Apple SecureROM on iPhones With A12, A13
Image: Zamin.uz

BootROM Exploit “Usbliter8” Lets Attackers Bypass Apple SecureROM on iPhones With A12, A13

22 June, 2026.Technology and Science.4 sources

Key Takeaways

  • Usbliter8 is a bootROM-level exploit targeting Apple’s SecureROM, baked into the SoC.
  • Cannot be patched with software updates; affects millions of iPhones.
  • Could enable government spyware hackers to develop iPhone exploits for older devices.

Unpatchable iPhone BootROM flaw

A BootROM exploit dubbed “usbliter8” has been disclosed by Paradigm Shift and is described as unpatchable with a software update because it targets Apple’s SecureROM baked permanently into the device’s SoC.

A landmark deal will place AI at the heart of independent cinema, with artists guiding tool development while industry figures debate implications for creative jobs and authorship

mezha.netmezha.net

SecurityWeek says the exploit affects iPhones with A12 and A13 chips, including iPhone XS, XR, and 11, and it requires physical USB access to the targeted device.

Image from mezha.net
mezha.netmezha.net

TechCrunch reports that the vulnerability affects Apple chips A12 and A13, released in 2018 and 2019, and included in older iPhones such as the XS, XR and up to the iPhone 11.

The flaw is said to allow attackers with physical access to connect a cable and potentially defeat and bypass further security checks by exploiting the iPhone’s Boot ROM, the first piece of code that runs when an iPhone is turned on.

How it works, who benefits

SecurityWeek explains that conducting a Usbliter8 attack involves connecting a special USB device, such as “Raspberry Pi Pico 2 or similar microcontroller board,” to the targeted iPhone and sending crafted USB setup packets.

The same report says the attack triggers an out-of-bounds write that allows an attacker to overwrite critical data in memory and ultimately take control of the processor, escalate privileges, and execute arbitrary code with full system privileges.

Image from SecurityWeek
SecurityWeekSecurityWeek

TechCrunch adds that a company that sells spyware and hacking tools to government agencies has published details of the vulnerability, and that the release opens the door for other researchers working for governments or their contractors to develop effective hacks for iPhones.

TechCrunch also notes that companies like Cellebrite and Magnet Forensics need techniques similar to usbliter8 for iPhones seized by authorities, while still requiring additional vulnerabilities to access user data.

Apple response and mitigation

SecurityWeek reports that Apple told it that iPhone, iPad and Watch models with A14/S6 or newer chips are not affected, and neither are any Mac devices.

A company that sells spyware and hacking tools to government agencies has published details of a vulnerability in Apple chips that can potentially help hackers unlock older iPhones

TechCrunchTechCrunch

SecurityWeek also says Apple pointed out that the Usbliter8 exploit does not bypass data protection mechanisms, and user information such as files, photos, or messages cannot be directly accessed via exploitation of this vulnerability.

Zamin.uz frames the problem as “unfixable” and says the issue is located in the device's Boot ROM, with the code “burned into thechip's hardware (immutable), meaning Apple cannot fix it remotely via software updates (iOS update).”

Zamin.uz concludes that the only and most effective way to protect against the hardware-level flaw is to upgrade to devices with newer processors (A14 and higher), while Apple has not yet issued an official response in that account.

More on Technology and Science