The vulnerability affects Apple’s A12 and A13 processors, as well as the S4 and S5 chips found in a wide range of devices. Impacted products include the iPhone XS, XS Max, XR, the entire iPhone 11 lineup, the second-generation iPhone SE, several iPad models, Apple Watch Series 4 and 5, Apple Watch SE, HomePod mini, and the second-generation Apple TV 4K.
Researchers also warn that certain iPad Pro models powered by the A12X and A12Z chips may be vulnerable, including the first- and second-generation 11-inch iPad Pro and the third- and fourth-generation 12.9-inch iPad Pro.
According to the researchers, the flaw is not located in iOS or iPadOS but in the device’s BootROM, a read-only memory component built directly into the processor that handles the earliest stages of the boot process. Because of this, Apple cannot patch the issue through software updates.
To exploit the vulnerability, an attacker must have physical access to the device. The attack is carried out through a USB connection while the device is in DFU (Device Firmware Update) mode, which is normally used for restoring firmware. In this state, the device accepts low-level service packets over USB.
The researchers discovered a flaw in the USB controller’s handling of these packets. Under normal circumstances, the packets must be exactly eight bytes long. However, specially crafted shorter packets can trigger a buffer overflow, allowing attackers to write data into protected memory regions.
As a result, an attacker can execute arbitrary code before Apple’s security mechanisms have a chance to load.
“The usbliter8 exploit demonstrates that even on newer SecureROM generations, including those protected by Pointer Authentication, subtle hardware flaws can still be leveraged to achieve full code execution and break the chain of trust,” the researchers wrote.
In practical terms, this means that anyone with physical access to a vulnerable device could potentially gain complete control over it. That is why such capabilities are highly valued by forensic firms, intelligence agencies, and law enforcement organizations seeking ways to bypass smartphone security.
At the same time, the researchers stress that the risk to most users remains relatively low. Exploiting the flaw requires both physical access and specialized equipment. However, journalists, activists, executives, and others who handle sensitive information may want to consider upgrading to newer hardware.
Apple was informed about the vulnerability before the research was published, and the disclosure process was coordinated with the company. However, because the flaw resides in BootROM, it cannot be fixed.
The good news is that newer Apple devices are not affected, and neither is the older A11 chip: researchers confirmed that it does not suffer from the issue due to a different USB driver implementation. Starting with the A14 generation, Apple redesigned part of its security architecture and properly configured the DART protection mechanism, preventing the USB controller from writing outside authorized memory regions.
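The eight-byte packet rule and the DART-style confinement of USB controller writes described above can be sketched in C. This is an added example, not Apple's SecureROM code or the researchers' proof of concept, and it does not model the actual flaw; the `dma_window` structure, the function names and the sample data are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SETUP_LEN 8u /* a USB SETUP packet is always exactly 8 bytes */

struct usb_setup {            /* standard USB SETUP fields, little-endian on the wire */
    uint8_t  bmRequestType, bRequest;
    uint16_t wValue, wIndex, wLength;
};

/* Hypothetical IOMMU-style window: the only range the USB controller may write. */
struct dma_window { uintptr_t base; size_t size; };

/* 1 if [addr, addr+len) lies entirely inside the window; safe against wraparound. */
int dma_write_allowed(const struct dma_window *w, uintptr_t addr, size_t len)
{
    if (addr < w->base) return 0;
    size_t off = (size_t)(addr - w->base);
    return off <= w->size && len <= w->size - off;
}

/* 0 on success, -1 if the packet is not exactly SETUP_LEN bytes (short or long). */
int parse_setup(const uint8_t *buf, size_t received, struct usb_setup *out)
{
    if (received != SETUP_LEN) return -1;
    out->bmRequestType = buf[0];
    out->bRequest      = buf[1];
    out->wValue  = (uint16_t)(buf[2] | (buf[3] << 8));
    out->wIndex  = (uint16_t)(buf[4] | (buf[5] << 8));
    out->wLength = (uint16_t)(buf[6] | (buf[7] << 8));
    return 0;
}

/* Constructed sample data: a GET_DESCRIPTOR(DEVICE) request and a 64-byte window. */
static const uint8_t sample_setup[8] = {0x80, 0x06, 0x00, 0x01, 0x00, 0x00, 0x12, 0x00};
static const struct dma_window sample_win = {0x1000, 0x40};

int main(void)
{
    struct usb_setup s;
    printf("8-byte packet: %d\n", parse_setup(sample_setup, 8, &s));
    printf("5-byte packet: %d\n", parse_setup(sample_setup, 5, &s));
    printf("write at window end +4: %d\n", dma_write_allowed(&sample_win, 0x103c, 8));
    return 0;
}
```

The window check is the second layer: even if a length check is missed somewhere in a driver, a write that would cross the end of the authorized region is refused.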
The exploit code has already been published on GitHub. The researchers say they released it intentionally to help the security community better understand this class of hardware vulnerabilities and contribute to the development of more resilient systems.
“By publishing this research and the accompanying proof of concept, we aim to document the real-world impact of this class of hardware vulnerabilities, contribute to a broader understanding of modern BootROM security, and demonstrate that even recent SecureROM generations remain susceptible to subtle hardware flaws,” the researchers concluded.