Apple: iPhone BootROM Vulnerability Opens Door to Full Apple SoC Trust Chain Compromise

Critical iPhone BootROM Vulnerability "usbliter8" Exposes A12/A13 Devices to Permanent Exploitation

A newly disclosed vulnerability in Apple’s SecureROM, dubbed usbliter8, reveals a fundamental flaw in the boot process of iPhones powered by A12 and A13 chips. Research published by Paradigm Shift on June 18, 2026, demonstrates a working exploit that compromises the entire trust chain of the Application Processor (AP), enabling attackers to achieve arbitrary memory writes and full control over device execution.

The flaw stems from a misconfiguration in the Synopsys DesignWare USB2 (DWC2) controller, which improperly handles malformed USB Setup packets. While the USB specification mandates 8-byte Setup transactions, the controller accepts smaller packets, writing them in 4-byte chunks. A mismatch in DMA pointer handling creates a controlled buffer underflow, allowing attackers to overwrite adjacent memory in 12-byte increments. Apple’s configuration of the DMA address register (DOEPDMA) as a dynamic pointer rather than a static buffer further exacerbates the issue, enabling unrestricted memory writes into sensitive SRAM regions.
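A simplified model of the flaw described above, added here as an example and not code from Apple, Synopsys or the researchers: a weak endpoint-0 handler that trusts a live DMA pointer sits beside a hardened one that re-arms a static buffer address and rejects Setup packets that are not 8 bytes. The SRAM layout, the `ep0` struct, all function names and the rewind-by-8 bookkeeping are assumptions standing in for the pointer mismatch; they do not reproduce real SecureROM or DWC2 register behaviour.

```c
#include <stdint.h>
#include <string.h>

#define SRAM_SIZE  64
#define SETUP_BASE 32  /* constructed layout: Setup buffer at offsets 32..39 */
#define SETUP_LEN  8   /* USB spec: a Setup transaction carries 8 bytes */
struct ep0 { uint8_t sram[SRAM_SIZE]; uint32_t dma; /* modelled DMA pointer */ };

/* Modelled controller: takes short packets, writes 4-byte chunks, advances dma. */
static size_t ctrl_rx_setup(struct ep0 *e, const uint8_t *pkt, size_t len) {
    if (len > SETUP_LEN) len = SETUP_LEN;
    for (size_t off = 0; off < len; off += 4) {
        uint8_t chunk[4] = {0};
        memcpy(chunk, pkt + off, len - off < 4 ? len - off : 4);
        memcpy(&e->sram[e->dma], chunk, 4);
        e->dma += 4;
    }
    return len;
}

/* Weak (assumed logic): treats every Setup as 8 bytes, rewinds live pointer by 8. */
static int weak_handle(struct ep0 *e, const uint8_t *pkt, size_t len) {
    ctrl_rx_setup(e, pkt, len);
    e->dma -= SETUP_LEN;  /* a 4-byte packet leaves dma 4 below where it began */
    return 0;
}

/* Hardened: re-arm to the static base every time and reject short Setups. */
static int hard_handle(struct ep0 *e, const uint8_t *pkt, size_t len) {
    e->dma = SETUP_BASE;
    size_t got = ctrl_rx_setup(e, pkt, len);
    if (got == SETUP_LEN) return 0;
    memset(&e->sram[SETUP_BASE], 0, SETUP_LEN);  /* discard the partial packet */
    return -1;
}

/* Feed n constructed 4-byte Setups; count bytes changed outside the buffer. */
static int clobbered_after(int hardened, int n) {
    struct ep0 e; int hits = 0;
    const uint8_t short_pkt[4] = {1, 2, 3, 4};
    memset(e.sram, 0xEE, SRAM_SIZE);
    e.dma = SETUP_BASE;
    for (int i = 0; i < n; i++)
        (hardened ? hard_handle : weak_handle)(&e, short_pkt, sizeof short_pkt);
    for (int i = 0; i < SRAM_SIZE; i++)
        if ((i < SETUP_BASE || i >= SETUP_BASE + SETUP_LEN) && e.sram[i] != 0xEE) hits++;
    return hits;
}
int main(void) { return clobbered_after(1, 3); /* 0: hardened path stays in bounds */ }
```

In the model, three short packets through the weak handler modify 8 bytes below the buffer, while the hardened handler leaves everything outside the buffer untouched.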

Exploitation varies by chipset. On A12 devices, attackers can directly overwrite the saved link register (LR) on the USB task stack, granting straightforward control-flow hijacking. The A13’s Pointer Authentication (PAC) complicates exploitation, but researchers bypassed it by chaining heap corruption, controlled zero writes, and manipulation of system structures including a DART cleanup routine that facilitates memory zeroing. By timing DMA writes and leveraging task scheduling, attackers achieve arbitrary memory overwrites without corrupting critical registers.

Once program counter (PC) control is obtained, the exploit escalates privileges within SecureROM. Despite operating primarily at EL0, specific instructions (e.g., SVC 0) allow temporary transitions to EL1. The attack targets a boot trampoline function, injecting shellcode via DMA and bypassing signature checks. On A12, a minimal ROP chain suffices, while A13 requires advanced techniques to circumvent PAC.

Post-exploitation capabilities are severe. Attackers can modify the boot process, inject custom USB handlers, execute unsigned iBoot firmware, and introduce new DFU commands, including "demotion" to lower device security states. While the Secure Enclave Processor (SEP) remains uncompromised, the attack weakens system-wide trust boundaries, potentially enabling further exploits.

Since BootROM is immutable, the vulnerability cannot be patched via software updates. Apple has confirmed coordinated disclosure, but millions of A12- and A13-based devices, including iPhone XS, XR, 11, and SE (2nd gen), remain permanently vulnerable. Newer chips (A14 and later) are unaffected due to corrected DART configurations. The research underscores how hardware-level flaws can persist across device lifecycles, bypassing even advanced mitigations like PAC.

Source: https://gbhackers.com/iphone-bootrom-vulnerability/

Apple TPRM report: https://www.rankiteo.com/company/apple

"id": "app1781850324",
"linkid": "apple",
"type": "Vulnerability",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Millions of iPhone users '
                                              '(A12/A13 devices)',
                        'industry': 'Consumer Electronics',
                        'location': 'Cupertino, California, USA',
                        'name': 'Apple Inc.',
                        'size': 'Large',
                        'type': 'Technology Company'}],
 'attack_vector': 'USB (Physical Access)',
 'customer_advisories': 'Users of iPhone XS, XR, 11, and SE (2nd gen) should '
                        'exercise caution with USB connections.',
 'data_breach': {'data_encryption': 'Bypassed (arbitrary memory writes)',
                 'personally_identifiable_information': 'Potential (if further '
                                                        'exploits are '
                                                        'chained)'},
 'date_publicly_disclosed': '2026-06-18',
 'description': 'A newly disclosed vulnerability in Apple’s SecureROM, dubbed '
                '*usbliter8*, reveals a fundamental flaw in the boot process '
                'of iPhones powered by A12 and A13 chips. The flaw stems from '
                'a misconfiguration in the Synopsys DesignWare USB2 (DWC2) '
                'controller, which improperly handles malformed USB Setup '
                'packets, enabling attackers to achieve arbitrary memory '
                'writes and full control over device execution. The '
                'vulnerability cannot be patched via software updates, leaving '
                'millions of devices permanently vulnerable.',
 'impact': {'brand_reputation_impact': 'High (permanent vulnerability in '
                                       'millions of devices)',
            'identity_theft_risk': 'Potential (if further exploits are '
                                   'chained)',
            'operational_impact': 'Full control over device execution, boot '
                                  'process modification, injection of custom '
                                  'USB handlers, execution of unsigned iBoot '
                                  'firmware',
            'payment_information_risk': 'Potential (if further exploits are '
                                        'chained)',
            'systems_affected': 'iPhones with A12/A13 chips (iPhone XS, XR, '
                                '11, SE 2nd gen)'},
 'investigation_status': 'Disclosed',
 'lessons_learned': 'Hardware-level flaws can persist across device '
                    'lifecycles, bypassing advanced mitigations like PAC. '
                    'Immutable BootROM vulnerabilities require hardware '
                    'revisions for mitigation.',
 'post_incident_analysis': {'corrective_actions': 'Hardware revision required '
                                                  'for future chips (A14 and '
                                                  'later are unaffected due to '
                                                  'corrected DART '
                                                  'configurations).',
                            'root_causes': 'Misconfiguration in Synopsys '
                                           'DesignWare USB2 controller (DWC2) '
                                           'handling of malformed USB Setup '
                                           'packets, leading to controlled '
                                           'buffer underflow and arbitrary '
                                           'memory writes.'},
 'recommendations': ['Users of affected devices should avoid connecting to '
                     'untrusted USB accessories.',
                     'Apple should consider hardware revisions for future '
                     'devices to address the DART misconfiguration.',
                     'Enhanced monitoring for unusual USB activity on affected '
                     'devices.'],
 'references': [{'date_accessed': '2026-06-18',
                 'source': 'Paradigm Shift Research'}],
 'response': {'communication_strategy': 'Coordinated disclosure with '
                                        'researchers',
              'remediation_measures': 'No software patch possible (immutable '
                                      'BootROM); hardware revision required '
                                      'for future devices'},
 'stakeholder_advisories': 'Apple has confirmed coordinated disclosure with '
                           'researchers.',
 'title': "Critical iPhone BootROM Vulnerability 'usbliter8' Exposes A12/A13 "
          'Devices to Permanent Exploitation',
 'type': 'Hardware Vulnerability',
 'vulnerability_exploited': 'usbliter8 (BootROM misconfiguration in Synopsys '
                            'DesignWare USB2 controller)'}