News in Short
- Researchers have released a working exploit called usbliter8 targeting Apple A12 and A13 chips.
- The flaw exists inside SecureROM, making it impossible to fix through software updates.
- Attackers need physical access, DFU mode, and specialized hardware to execute the exploit.
- Affected devices include the iPhone XS, iPhone XR, the iPhone 11 series, the second-generation iPhone SE, several older iPads, Apple Watch Series 4 and 5, the first-generation Apple Watch SE, and the HomePod mini.
A newly disclosed Apple A12 security flaw has put millions of older Apple devices under fresh scrutiny. Security researchers have released a working exploit named usbliter8 that achieves arbitrary code execution inside SecureROM, the first code that runs when an Apple device powers on. Because SecureROM is permanently embedded into the chip itself, Apple cannot patch the vulnerability through iOS or firmware updates.
The exploit affects Apple A12 and A13 processors and has drawn comparisons to the infamous checkm8 vulnerability that permanently affected earlier generations of iPhones.
What Is the Apple A12 usbliter8 Exploit?
The usbliter8 exploit was developed by security researchers at Paradigm Shift and publicly disclosed on June 18, 2026. The attack targets a flaw in the boot process of devices powered by Apple’s A12 and A13 chips.
Unlike most vulnerabilities, which live in software that can be updated, this issue resides in SecureROM. SecureROM is the root of Apple's secure boot chain: it verifies the signature of the next boot stage before handing over control, and every later verification step (iBoot, the kernel, iOS) inherits its trust from that first check.
Code execution at this level therefore happens before any later stage of the boot chain has been verified or loaded, so none of the protections those stages enforce are yet in place.
However, the exploit is not remote. An attacker must physically possess the device, place it into Device Firmware Update (DFU) mode, and connect it to a specially configured USB host. Researchers say the attack completes in under two seconds, before the signed boot sequence begins.
Which Apple Devices Are Affected?
The public proof-of-concept currently supports devices powered by A12, A13, S4, and S5 chips.
Affected products include the iPhone XS, iPhone XS Max, iPhone XR, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, and the second-generation iPhone SE. Several iPads, including the third-generation iPad Air, fifth-generation iPad mini, and eighth-generation iPad, are also affected.
The vulnerability extends beyond iPhones. Apple Watch Series 4, Apple Watch Series 5, the first-generation Apple Watch SE, and the HomePod mini also fall within the affected hardware range.
Researchers noted that A11-powered devices are not vulnerable through this attack path. Meanwhile, Apple chips from A14 onward appear protected due to architectural changes that prevent exploitation.
How Does the Vulnerability Work?
The root cause is a hardware flaw in the Synopsys DWC2 USB controller used on these chips.
According to the researchers, the controller transfers incoming setup packets into memory by direct memory access (DMA). Under specific conditions it mismanages its own memory pointers, and repeated, deliberately malformed packets can drive the DMA destination pointer backward step by step: a pointer underflow that walks the controller's writes out of the buffer it was assigned and into adjacent memory.
Normally an IOMMU would confine a device's DMA to the buffers explicitly mapped for it, so a drifting pointer would fault rather than write. On A12 and A13, however, Apple's implementation leaves the USB DART (Apple's IOMMU for peripheral DMA) in bypass mode while SecureROM is executing.
With no translation in the way, the manipulated DMA writes reach memory regions the USB controller should never be able to touch.
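The interaction between an unchecked DMA pointer and an IOMMU in bypass mode is easier to see in a small model than in prose. The following C program is an added example, written for this page; it is not SecureROM, DWC2 or DART code and makes no claim about the real register layout, rewind behaviour or memory map of the A12. Everything in it (the 4 KiB memory image, the "stack" region placed directly below the USB DMA window, the per-packet rewind of 16 bytes with no floor check, and the `dart_allows` window check) is a constructed assumption chosen to illustrate the mechanism the researchers describe: the same stream of manipulated packets is harmless when the DART enforces its mapping and corrupts memory outside the window when the DART is bypassed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model only (not SecureROM, DWC2 or DART code). Hypothetical
 * layout: a flat 4 KiB memory image with a "stack" region immediately below
 * the window the USB controller is permitted to DMA into. */
#define MEM_SIZE     4096u
#define STACK_BASE   1024u   /* [1024, 2048): sensitive region (model stack)   */
#define STACK_END    2048u
#define USB_WIN_BASE 2048u   /* [2048, 4096): window mapped for the controller */
#define USB_WIN_END  4096u

static uint8_t mem[MEM_SIZE];

/* Controller-side DMA state: just the next write address. */
struct usb_dma { uint32_t ptr; };

/* Model DART: either bypass (every address passes) or one mapped window. */
struct dart {
    bool bypass;
    uint32_t win_lo, win_hi;
};

static bool dart_allows(const struct dart *d, uint32_t addr, uint32_t len)
{
    if (d->bypass)
        return true;                     /* bypass mode: no translation at all */
    return addr >= d->win_lo && addr < d->win_hi && len <= d->win_hi - addr;
}

/* One manipulated setup-packet transfer. The modelled defect: on a short or
 * aborted packet the controller rewinds its pointer by `rewind` bytes with no
 * floor check, so repeated packets walk the destination backward out of the
 * window. The DART is the only thing between that pointer and the rest of
 * memory. Returns true if the write landed. */
static bool usb_transfer(struct usb_dma *u, const struct dart *d,
                         const uint8_t *data, uint32_t len, uint32_t rewind)
{
    u->ptr -= rewind;                    /* unchecked: may drop below win_lo */
    if (!dart_allows(d, u->ptr, len))
        return false;                    /* translation fault, DMA dropped  */
    memcpy(&mem[u->ptr], data, len);
    u->ptr += len;
    return true;
}

/* Drive `packets` manipulated transfers (each rewinds 16 bytes, then writes
 * 8, a net step of 8 bytes backward) and report whether any byte of the
 * model stack region was overwritten. */
static bool stack_corrupted_after(bool dart_bypass, int packets)
{
    struct usb_dma u = { .ptr = USB_WIN_BASE + 512 };   /* start mid-window */
    struct dart d = { .bypass = dart_bypass,
                      .win_lo = USB_WIN_BASE, .win_hi = USB_WIN_END };
    uint8_t payload[8];

    memset(mem, 0, sizeof mem);
    memset(payload, 0x41, sizeof payload);
    for (int i = 0; i < packets; i++)
        usb_transfer(&u, &d, payload, sizeof payload, 16);

    for (uint32_t a = STACK_BASE; a < STACK_END; a++)
        if (mem[a] != 0)
            return true;
    return false;
}

int main(void)
{
    printf("DART bypass,    30 packets: stack corrupted = %d\n",
           stack_corrupted_after(true, 30));
    printf("DART bypass,    70 packets: stack corrupted = %d\n",
           stack_corrupted_after(true, 70));
    printf("DART enforcing, 70 packets: stack corrupted = %d\n",
           stack_corrupted_after(false, 70));
    return 0;
}
```

With the model's numbers the pointer needs 64 packets to cross below the window, so 30 packets leave the stack region untouched even in bypass mode, 70 packets corrupt it, and the same 70 packets with the DART enforcing its window are all rejected once the pointer leaves the mapped range. The point the model makes is that the fix for this class of bug is not a bounds check in ROM code that cannot be changed but a correctly configured IOMMU; the article reports that on A14 and later the architecture no longer allows the attack.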
On A12 devices, researchers found a path to overwrite stack data and hijack control flow. On A13 devices the process was more involved, because Apple enables Pointer Authentication (PAC) there: return addresses and other pointers carry a cryptographic signature, so a value simply overwritten via DMA fails verification when it is used.
Even so, the researchers developed a multi-stage method that bypasses these protections and ultimately redirects execution flow to attacker-controlled code.
What Can Attackers Do After Exploitation?
Once the exploit succeeds, attackers gain privileged execution within SecureROM at EL1, a privileged exception level of the processor.
The proof-of-concept modifies USB functionality and marks compromised devices with a “PWND:[usbliter8]” identifier. More importantly, it allows temporary modification of the chip’s production security state and enables booting unsigned iBoot images without Apple’s signature verification.
In practical terms, this means attackers can bypass key elements of Apple’s trusted boot process.
Researchers emphasized that the exploit does not compromise the Secure Enclave. The Secure Enclave remains a separate security boundary designed to protect sensitive information such as encryption keys and biometric data. However, SecureROM-level access is a powerful foundation that could support future research into additional attack paths.
Why Can’t Apple Fix This Vulnerability?
The answer lies in the location of the flaw.
SecureROM is mask ROM: its contents are fixed in the silicon at fabrication. Unlike iOS, firmware, or application software, it cannot be modified after the device leaves the factory.
That makes usbliter8 fundamentally different from most vulnerabilities disclosed today.
The situation mirrors checkm8, the landmark 2019 SecureROM exploit that permanently affected Apple devices from A5 through A11. Just as Apple could not patch checkm8, it cannot remove the underlying hardware weakness exploited by usbliter8.
As a result, every affected device will carry this vulnerability throughout its operational life.
What Does This Mean for Users?
For most consumers, the immediate risk remains relatively low. The attack requires physical possession of the device, DFU mode access, specialized hardware, and technical expertise.
Still, organizations handling sensitive information may need to reassess device security policies. Physical custody becomes significantly more important because software updates alone cannot eliminate the risk. Since the researchers report that the Secure Enclave is not compromised, a strong passcode and the data-at-rest encryption it anchors still stand between an attacker holding the device and its contents; the exposure is to the boot chain, not directly to user data.
Security teams may also consider accelerating migration plans toward devices powered by A14 or newer chips, which currently appear unaffected.
The public release of the exploit code changes the equation. Historically, once working proof-of-concept tooling is public, the skill required to use a vulnerability drops sharply and the pool of people able to exploit it grows.
Conclusion
The Apple A12 security story took a major turn this week with the release of usbliter8. The exploit does not enable remote attacks, but it does permanently weaken the hardware trust model of affected devices. Because the flaw exists within SecureROM itself, Apple has no software fix available. For users and organizations still relying on Apple A12 and A13 hardware, physical device security is now more important than ever.