Unpatchable BootROM exploit for Apple A12-A13 chips now public

June 19, 2026 discoverhiddenusacom Technology

Security researchers at Paradigm Shift have identified a permanent hardware vulnerability, dubbed usbliter8, affecting Apple’s A12 and A13 chipsets. The exploit leverages a flaw in the Synopsys DesignWare USB 2.0 controller to bypass SecureROM protections, allowing for arbitrary code execution during the device’s boot process. Because the vulnerability resides in immutable hardware, affected devices, including certain iPhone and Apple Watch models, cannot be patched via software updates.

How does the usbliter8 exploit work?

According to Paradigm Shift, the usbliter8 exploit targets a flaw in the Direct Memory Access (DMA) mechanism of the Synopsys DesignWare USB 2.0 (DWC2) controller. Researchers discovered that malformed USB Setup packets can trigger a memory underflow, creating a corruption primitive that allows attackers to overwrite critical memory structures. By manipulating the Device Address Resolution Table (DART) configuration, which is left in a bypass mode on A12 and A13 chips during the SecureROM boot stage, attackers gain a foothold in the device’s earliest execution phase.

Pro tip: Physical access remains the primary barrier to this exploit. Because it requires a USB connection to a device in DFU mode, securing physical hardware is the most effective defense against unauthorized firmware modification.

What devices are impacted by this vulnerability?

The vulnerability primarily impacts devices built on the Apple A12 and A13 system-on-chips (SoC), as well as the S4 and S5 chips used in Apple Watch models. Paradigm Shift confirmed that while the vulnerability is technically present in A12X and A12Z processors, those specific configurations have not been tested in their proof-of-concept. Newer platforms, such as those using the A14 chip and beyond, are not susceptible to this exploit because Apple corrected the DART configuration logic in later hardware iterations.

How do attackers bypass Pointer Authentication Codes?

On A13 devices, the exploit must contend with Pointer Authentication Codes (PAC), a security feature designed to cryptographically protect control-flow data. Paradigm Shift researchers bypassed these protections by developing a multi-stage attack chain. This process involves corrupting heap structures related to DART, manipulating panic-handling routines, and precisely timing DMA writes. By successfully replacing a USB interrupt handler pointer with attacker-controlled data, the exploit achieves code execution despite hardware-level signature checks.

Did you know? The “PWND” marker added to USB device identifiers by the exploit is a nod to traditional jailbreaking techniques, signaling that the device’s hardware root of trust has been successfully compromised.
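
A defender-side triage sketch for the marker described above, added here as an example and not taken from the article or from Paradigm Shift: it parses the serial string a device reports over USB in DFU mode, flags a "PWND" token, and notes whether the chip is one the article lists as affected. The `KEY:value` field layout, the chip-ID mapping and all sample strings are assumptions of this example.

```python
import re

# Chip-ID (CPID) to SoC mapping. Assumption, not stated in the article:
# confirm against your own inventory before relying on it.
AFFECTED_CPID = {
    "8020": "A12",
    "8030": "A13",
    "8006": "S4/S5",
    "8027": "A12X/A12Z (flaw present per the article, PoC untested)",
}

FIELD_RE = re.compile(r"(\w+):(\[[^\]]*\]|\S+)")


def parse_dfu_serial(serial: str) -> dict:
    """Split a DFU-mode serial string into its KEY:value / KEY:[value] fields."""
    return {k.upper(): v.strip("[]") for k, v in FIELD_RE.findall(serial)}


def triage(serial: str) -> dict:
    """Classify one device from the serial string it reports over USB."""
    fields = parse_dfu_serial(serial)
    cpid = fields.get("CPID", "").upper().removeprefix("0X")
    chip = AFFECTED_CPID.get(cpid)
    # Match the marker anywhere in the raw string, so a bare "PWND" token
    # without a value is still caught.
    pwnd = re.search(r"\bPWND\b", serial, re.IGNORECASE) is not None
    if pwnd:
        verdict = "bootrom-modified"   # treat as tampered and investigate
    elif chip:
        verdict = "exposed"            # unpatchable: control physical access
    elif cpid:
        verdict = "not-listed"
    else:
        verdict = "unparsed"           # not a DFU serial string; inspect by hand
    return {"cpid": cpid or None, "chip": chip, "pwnd": pwnd,
            "pwnd_tag": fields.get("PWND"), "verdict": verdict}


# Constructed sample strings (not captured from real devices).
SAMPLES = [
    "CPID:8030 CPRV:11 CPFM:03 SCEP:01 BDID:04 ECID:0011223344556677 SRTG:[iBoot-0000.0.0] PWND:[example]",
    "CPID:8020 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:0011223344556688 SRTG:[iBoot-0000.0.0]",
    "CPID:8101 CPRV:11 CPFM:03 SCEP:01 BDID:04 ECID:0011223344556699 SRTG:[iBoot-0000.0.0]",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s))
```
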

What are the long-term security implications?

Because the flaw exists in the SecureROM—code permanently etched into the silicon—there is no software-based fix for existing A12 and A13 hardware. While the Secure Enclave Processor (SEP) remains a separate, isolated security boundary, the ability to execute code at the SecureROM level significantly expands the attack surface for advanced threats. Researchers recommend that users concerned about long-term exposure migrate to newer hardware platforms that are not subject to the underlying controller design flaws.

Frequently Asked Questions

  • Can Apple fix this with an iOS update? No. Because the vulnerability is rooted in the physical hardware design of the chip and the immutable SecureROM, it cannot be corrected via software.
  • Is my personal data at risk? The exploit targets the boot process. While it allows for arbitrary code execution, the Secure Enclave remains a separate security boundary, though the overall device security posture is weakened.
  • How do I protect my device? Since the attack requires physical access and USB connectivity to DFU mode, ensure your device is not left unattended in high-risk environments.
