Unpatchable USB flaw targets Apple SecureROM on A12/A13 chips

Paradigm Shift disclosed usbliter8, a hardware-level exploit that can execute code inside Apple’s SecureROM on A12/A13 by abusing a USB controller DMA bug; it requires physical access, DFU mode, and a dedicated RP2350-based board, and cannot be fixed by firmware, making it effectively unpatchable on affected devices (A12/A13/S4/S5). The public PoC covers iPhone XS/XS Max/XR, iPhone 11 line, iPad Air 3, iPad mini 5, iPad 8th gen, Apple Watch Series 4/5, and HomePod mini; A14+ appear safe. No Secure Enclave compromise reported and no CVE yet; for most users risk is low, but in high-security environments it creates a hardware boundary problem requiring device retirement or strict custody controls.
- Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain The Hacker News
- New unpatchable exploit targets Apple devices with A12 and A13 chips 9to5Mac
- Older iPhones are vulnerable to a flaw Apple likely can’t fix Mashable
- Apple users told to watch out for 'unpatchable' iPhone security issues - here's what we know TechRadar
- Researchers uncover an unpatchable security flaw affecting several iPhone generations - GSMArena.com news GSMArena.com
Reading Insights
0
17
3 min
vs 4 min read
86%
781 → 109 words
Want the full story? Read the original article
Read on The Hacker News