The disclosure of a new hardware-level exploit has raised new concerns about the long-term security implications of immutable silicon vulnerabilities across Apple’s entire ecosystem. Paradigm Shift researchers have revealed usbliter8, a working SecureROM exploit compromising the boot chain of Apple A12 and A13 processor-based devices.
In 2019, checkm8 emerged as the first publicly released unpatched attack on these chip generations.
By exploiting a flaw within the BootROM, the code that runs before iOS and all higher security controls, the exploit is able to bypass protections at the earliest stage of the initialization process.
Physical access, a USB connection, and manual placement of the device into DFU mode are required to perform the attack, but the significance lies in the vulnerability itself. This vulnerability is not able to be remedied by updating firmware, updating operating systems, or restoring devices since it occurs in silicon rather than software.
By exploiting a flaw within the BootROM, the code that runs before iOS and all higher security controls, the exploit is able to bypass protections at the earliest stage of the initialization process.
Physical access, a USB connection, and manual placement of the device into DFU mode are required to perform the attack, but the significance lies in the vulnerability itself. This vulnerability is not able to be remedied by updating firmware, updating operating systems, or restoring devices since it occurs in silicon rather than software.
In addition to the niche jailbreak development impacted by this disclosure, Apple hardware that is still supported, including iPhones, iPads, Apple Watches, and other Apple devices, now carry a permanent hardware weakness that can be exploited throughout the device’s operational lifetime.
Along with presenting a notable research discovery, USBliter8 also presents a significant hardware security incident due to the permanent nature of the vulnerability exploited by it.
The affected SecureROM code is therefore physically embedded within the processor while the device is being manufactured, placing it beyond Apple’s control once the device leaves the factory. This is in contrast to conventional vulnerabilities that can be mitigated by updating firmware or operating systems.
The affected SecureROM code is therefore physically embedded within the processor while the device is being manufactured, placing it beyond Apple’s control once the device leaves the factory. This is in contrast to conventional vulnerabilities that can be mitigated by updating firmware or operating systems.
During a coordinated engagement with Apple Product Security on June 18, 2026, researchers revealed the exploit and accompanying proof of concept, demonstrating that a successful attack can be carried out in less than two seconds before Apple’s trusted boot sequence takes over.
There remains a strict physical access requirement for the attack: a target device must be manually placed into Device Firmware Update (DFU) mode and connected to an RP2350-based microcontroller platform using USB. Nevertheless, there is a considerable range of hardware impacted.
There remains a strict physical access requirement for the attack: a target device must be manually placed into Device Firmware Update (DFU) mode and connected to an RP2350-based microcontroller platform using USB. Nevertheless, there is a considerable range of hardware impacted.
Publicly supported targets include devices built on Apple’s A12 and A13 application processors, in addition to the S4 and S5 systems-on-chip used across Apple Watch and HomePod products.
There are a number of products, such as the iPhone XS, iPhone XR, iPhone 11, two-generation iPhone SE, multiple iPad models, Apple Watch Series 4 and 5, the first-generation Apple Watch SE, HomePod mini, and others, which continue to see active deployment.
There are a number of products, such as the iPhone XS, iPhone XR, iPhone 11, two-generation iPhone SE, multiple iPad models, Apple Watch Series 4 and 5, the first-generation Apple Watch SE, HomePod mini, and others, which continue to see active deployment.
Research indicates that support for A12X and A12Z processors may be technically achievable in the future, but this has not yet been implemented.
The architectural differences in USB memory handling do not seem to affect devices based on A11 silicon, while A14 and newer generations appear to be immune due to improved DART configuration and memory isolation controls within the boot environment.
The disclosure also highlights an aspect of modern device security that is seldom encountered: there are some vulnerabilities that are beyond the reach of all software-based defense mechanisms available to vendors as well as users.
The vulnerability can not be eliminated by iOS updates, firmware revisions, factory restores, or standard hardening measures since
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
The vulnerability can not be eliminated by iOS updates, firmware revisions, factory restores, or standard hardening measures since
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: