Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

The unpatchable usbliter8 SecureROM exploit gives code execution on Apple A12/A13 devices via DFU mode. A14 and newer chips are unaffected.

What’s new

Security researchers at Paradigm Shift have released an exploit named usbliter8 that allows arbitrary code execution within the SecureROM of Apple’s A12 and A13 chips. The exploit cannot be patched by a software update. It requires physical access to the device, which must be in DFU mode and connected through a specific microcontroller board. It targets a hardware flaw in the Synopsys DWC2 USB controller, enabling attackers to gain control over the device’s boot process.

Who’s affected

Affected devices include those with A12 and A13 SoCs, such as the iPhone XS, XS Max, XR, 11 series, SE (2nd generation), iPad Air (3rd gen), iPad mini (5th gen), Apple Watch Series 4 and 5, and HomePod mini. A11 devices are not affected, and A14 and later chips appear to be secure against this exploit.

What to do

  • Inventory devices with A12, A13, S4, and S5 hardware in sensitive roles.
  • Prioritize refreshing devices to A14 or newer models.
  • Avoid using DFU mode over untrusted USB cables or hosts.
  • Implement strict physical security measures to control device access.
