Unpatchable BootROM exploit hits Apple A12 and A13 chips via USB

Researchers at Paradigm Shift published usbliter8, a working exploit that runs unauthorized code inside SecureROM, the boot code burned into the silicon of Apple's A12 and A13 chips (devices from the iPhone XS through the iPhone 11) and the S4 and S5 Apple Watch chips. Because the flaw lives in immutable hardware, no software update can fix it, so affected devices stay vulnerable for life. The catch is that it is not remote: an attacker needs physical possession of the device, must put it in DFU mode, and must connect it to a special USB board, after which the exploit runs in under two seconds. It is the successor to 2019's checkm8.

Check
Assess whether high-risk staff or sensitive workflows rely on older Apple devices with A12 or A13 chips (iPhone XS through iPhone 11), which could be compromised if physically seized or lost.
Affected
Apple devices on A12 and A13 chips, roughly iPhone XS through iPhone 11 plus Apple Watch S4 and S5; exploitation needs physical access and DFU mode, so remote risk is nil.
Fix
There is no software fix. Retire or replace affected older devices for high-risk users, enforce strong passcodes and device encryption, keep physical control of devices, and avoid leaving them unattended.