New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones

The vulnerability targeted by Usbliter8 cannot be patched with a software update, and the researchers have released a proof-of-concept (PoC) exploit.

European cybersecurity research firm Paradigm Shift has disclosed details of a new BootROM exploit that affects millions of iPhones and cannot be patched with a software update.

Dubbed Usbliter8, the exploit targets Apple’s SecureROM. Baked permanently into the device’s SoC as read-only memory, SecureROM is the first code an iPhone runs on startup and the root of Apple’s entire secure boot chain, which is why a flaw in it cannot be fixed by a software update.

Usbliter8 chains a USB controller bug with a device firmware configuration weakness. The exploit, which requires physical USB access to the targeted device, works against iPhones with A12 and A13 chips, including the iPhone XS, XR, and 11, and against Apple Watches with S4 and S5 chips. The affected chips were released in 2018 and 2019.

Conducting a Usbliter8 attack involves connecting a special USB device (e.g., a Raspberry Pi Pico 2 or similar microcontroller board) to the targeted iPhone and sending it crafted USB setup packets.

The crafted packets trigger an out-of-bounds write, which lets the attacker overwrite critical data in memory, take control of the processor, and execute arbitrary code with full system privileges.

Because this happens inside SecureROM, before the operating system ever loads, Apple’s signature checks on the boot chain are bypassed: the attacker can load unsigned firmware or lower the device’s security level.
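The attack outline above (a host-controlled USB setup packet leading to an out-of-bounds write in a fixed buffer) is a well-known bug class, and the following C example is added here to illustrate that class only. It is not Usbliter8, not SecureROM code, and not anything from Paradigm Shift’s research: the memory layout, the "secure boot enforced" flag, the request handlers and the crafted packet values are all hypothetical and constructed for this example. What is real is the 8-byte SETUP packet format from the USB 2.0 specification, whose wLength field a device must never trust without checking it against the buffer it is about to fill.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Standard 8-byte USB SETUP packet (USB 2.0 spec, section 9.3); the 16-bit
   fields arrive little-endian on the wire. */
typedef struct {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;
} usb_setup_t;

static usb_setup_t usb_parse_setup(const uint8_t raw[8])
{
    usb_setup_t s;
    s.bmRequestType = raw[0];
    s.bRequest      = raw[1];
    s.wValue  = (uint16_t)(raw[2] | (raw[3] << 8));
    s.wIndex  = (uint16_t)(raw[4] | (raw[5] << 8));
    s.wLength = (uint16_t)(raw[6] | (raw[7] << 8));
    return s;
}

/* Hypothetical device memory, constructed for this example (not SecureROM's
   real layout): a 64-byte control-transfer staging buffer followed by a
   32-bit word the boot code trusts, here a "secure boot enforced" flag. */
#define CTRL_BUF_SIZE 64u
#define RAM_SIZE      128u
#define CRITICAL_OFF  CTRL_BUF_SIZE
static uint8_t device_ram[RAM_SIZE];

static void device_reset(void)
{
    uint32_t enforce = 1;                   /* flag = 1: enforce secure boot */
    memset(device_ram, 0, sizeof device_ram);
    memcpy(device_ram + CRITICAL_OFF, &enforce, sizeof enforce);
}

static uint32_t device_critical_word(void)
{
    uint32_t v;
    memcpy(&v, device_ram + CRITICAL_OFF, sizeof v);
    return v;
}

/* Vulnerable handler: trusts the host-supplied wLength and copies that many
   bytes of the OUT data stage into the fixed-size staging buffer. */
static int handle_out_request_vulnerable(const uint8_t setup_raw[8],
                                         const uint8_t *data, size_t data_len)
{
    usb_setup_t s = usb_parse_setup(setup_raw);
    if (s.bmRequestType & 0x80)             /* bit 7 set: IN transfer, not OUT */
        return -1;
    size_t n = s.wLength;
    if (n > data_len) n = data_len;         /* only what actually arrived */
    if (n > RAM_SIZE)  n = RAM_SIZE;        /* keeps the simulation itself valid */
    memcpy(device_ram, data, n);            /* BUG: never checked against CTRL_BUF_SIZE */
    return (int)n;
}

/* Hardened handler: wLength is attacker-controlled, so reject (STALL) any
   request larger than the staging buffer before touching memory at all. */
static int handle_out_request_hardened(const uint8_t setup_raw[8],
                                       const uint8_t *data, size_t data_len)
{
    usb_setup_t s = usb_parse_setup(setup_raw);
    if (s.bmRequestType & 0x80)
        return -1;
    if (s.wLength > CTRL_BUF_SIZE || data_len > CTRL_BUF_SIZE)
        return -1;
    size_t n = s.wLength < data_len ? s.wLength : data_len;
    memcpy(device_ram, data, n);
    return (int)n;
}

/* Crafted SETUP packet (constructed): bmRequestType 0x21 = host-to-device,
   class, interface; bRequest 1; wValue 0; wIndex 0; wLength 0x0044 = 68,
   four bytes more than the staging buffer holds. */
static const uint8_t crafted_setup[8] = {0x21, 0x01, 0, 0, 0, 0, 0x44, 0x00};

/* Replay the crafted request plus a 68-byte 'A' payload through one handler
   on a freshly reset device and return the trusted word afterwards. */
static uint32_t run_attack(int (*handler)(const uint8_t *, const uint8_t *, size_t))
{
    uint8_t payload[68];
    memset(payload, 'A', sizeof payload);
    device_reset();
    handler(crafted_setup, payload, sizeof payload);
    return device_critical_word();
}

int main(void)
{
    printf("vulnerable: flag=0x%08x\n", (unsigned)run_attack(handle_out_request_vulnerable));
    printf("hardened:   flag=0x%08x\n", (unsigned)run_attack(handle_out_request_hardened));
    return 0;
}
```

With the vulnerable handler the four extra bytes land on the trusted word, turning the flag into 0x41414141; the hardened handler stalls the request and the flag stays at 1. The two extra clamps in the vulnerable version exist only so the simulation stays within its own array; the point is that nothing there ever compares the request to the 64-byte buffer the data is actually going into.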

However, the exploit cannot be used directly to access user data. The researchers noted in their disclosure that Apple’s Secure Enclave Processor (SEP), the separate security processor that protects user data, is not directly compromised by the exploit.

“Although usbliter8 doesn’t affect SEP itself, it opens up wider attack vectors to compromise the Secure Enclave,” Paradigm Shift researchers explained.  

While the attack cannot be launched remotely, since it requires physical USB access to the device, such an exploit could be highly useful to forensics vendors.

The impact of Usbliter8 is similar to that of Checkm8, the 2019 BootROM exploit that left an entire generation of iPhones (A5 through A11 chips) permanently vulnerable to jailbreaking.

Paradigm Shift said it reported the findings to Apple before disclosure, but the tech giant has not publicly responded to the research. SecurityWeek has contacted Apple for comment and will update this article if the company responds.

The security firm has released PoC code for the Usbliter8 exploit.

“By publishing this research and the accompanying proof of concept, we aim to document the real-world impact of this class of hardware vulnerabilities, contribute to the broader understanding of modern BootROM security, and demonstrate that even recent SecureROM generations remain susceptible to subtle hardware flaws,” the company’s researchers noted.

UPDATE: Apple told SecurityWeek that its devices are designed with multiple layers of security in order to protect against a wide range of potential threats, and pointed out that iPhone, iPad and Watch models with A14/S6 or newer chips are not affected, and neither are any Mac devices.

The company also noted that the Usbliter8 exploit does not bypass data protection mechanisms, and that user information such as files, photos, or messages cannot be accessed directly via exploitation of this vulnerability.

Apple said that while the vulnerability was fixed years before this research in its newer devices, it still appreciates the researchers sharing their work.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.