There’s a new headache for Apple’s hardware security team, and this one lives in silicon. Researchers at Paradigm Shift have gone public with the full technical breakdown of usbliter8, a BootROM vulnerability that allows arbitrary code execution on iPhones built around Apple’s A12 and A13 chips. The disclosure landed on June 18.
The word that matters most here is unpatchable. BootROM is read-only memory baked into the chip during manufacturing — it’s the very first code that runs when a device powers on, sitting beneath the operating system and below the reach of any software update. A bug that lives there cannot be fixed with a routine iOS patch the way most security holes are. Once the silicon ships, the flaw ships with it, permanently.
That makes usbliter8 conceptually similar to the kind of low-level exploit that has historically powered jailbreaks and forensic access tools. Arbitrary code execution at the BootROM level effectively means running unsigned code on the device before Apple’s chain of trust, the foundation that everything above it is supposed to rely on, ever gets a say.
The affected hardware is not exactly obscure. The A12 and A13 generations covered the iPhone XS, XR and the iPhone 11 family, among other devices, putting a substantial install base in the crosshairs even years after those models first launched.
A few things worth keeping in perspective:
- It’s hardware-bound, so newer chips outside the A12/A13 range are not described as affected.
- It typically requires physical access — BootROM-level exploits of this type are generally triggered over USB while a device is connected and placed into a specific mode, rather than remotely over the air.
- It’s permanent for affected silicon, since there is no firmware route to rewrite that read-only code.
For the security and research community, a documented BootROM exploit is significant on its own terms: it can underpin device unlocking, deep forensic analysis and independent research into how Apple’s boot process actually behaves. For everyday owners of affected iPhones, the practical risk is more measured, given the physical-access nature of attacks at this layer — but the disclosure is a sharp reminder that the most stubborn vulnerabilities are the ones etched into the chip itself, not the ones living in software.
Paradigm Shift has published the technical details in full, so expect the broader research scene to start poking at usbliter8 in earnest.