Bright Nexus

Published on June 20, 2026

Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

Severity
Medium 

Detail

Security researchers have released a working exploit called usbliter8 that can break the SecureROM boot chain on Apple devices using A12 and A13 chips. The affected hardware includes devices such as iPhone XS, iPhone XR, iPhone 11 series, iPhone SE 2nd generation, selected iPads, Apple Watch Series 4 and 5, Apple Watch SE 1st generation, and HomePod mini. The issue is considered unpatchable because the vulnerable SecureROM code is burned into the chip during manufacturing and cannot be fixed through a normal software update. However, this is not a remote attack. An attacker would need physical access to the device, place it into DFU mode, and connect it through USB using specific hardware.

How?

The exploit targets a hardware flaw in the USB controller used during the device boot process. When the device is placed into DFU mode, it accepts USB communication before the normal Apple signed boot chain is fully loaded. The vulnerability allows specially crafted USB packets to cause memory corruption inside the SecureROM environment.

On affected Apple chips, the USB controller can mishandle incoming USB setup packets and move its memory write pointer backwards. This creates a buffer underflow condition, allowing an attacker to overwrite sensitive areas of memory. Because of the way Apple configured memory protection on A12 and A13 devices, the attacker can use this corruption to gain code execution inside SecureROM.

Once successful, the attacker can run code at a very early and privileged stage of the boot process. This may allow them to bypass parts of Apple’s normal boot security checks, load unsigned boot components, or modify the device’s boot behavior. The exploit does not appear to directly compromise the Secure Enclave, but BootROM-level access may create additional opportunities for deeper attacks.

Recommendation

To reduce the risk, the following actions are recommended:

  • Avoid connecting affected Apple devices to unknown or untrusted USB ports.
  • Keep physical control of devices, especially in high-security environments.
  • Do not place devices into DFU mode unless required and trusted.
  • Replace high-risk A12/A13 devices with newer A14 or later devices where possible.
  • Treat lost or stolen affected devices as potentially compromised.

Source

https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html