USBLiter8: The First Unpatchable BootROM Exploit for Apple A12 and A13 Since checkm8
Explore USBLiter8, the first public BootROM exploit since checkm8. Learn how it affects Apple A12 and A13 devices, enables Pwned DFU mode, and advances iOS security research.

For the first time since the release of checkm8 in 2019, security researchers have publicly disclosed another BootROM exploit affecting Apple devices. The new exploit, called USBLiter8, was developed by security researchers at Paradigm Shift and targets Apple devices powered by A12 and A13 processors.
Because the vulnerability exists inside Apple's immutable SecureROM (BootROM), it cannot be patched through iOS, iPadOS, or firmware updates. Every affected device remains vulnerable for its entire hardware lifetime.
A Hardware Vulnerability That Cannot Be Fixed
Unlike most security vulnerabilities, which live in software that can be updated, USBLiter8 exploits a flaw inside the BootROM (Apple calls it SecureROM), the first code executed when an Apple device powers on.
BootROM is permanently programmed into the processor during manufacturing. Once the chip leaves the factory, its contents cannot be modified, meaning Apple cannot distribute a software update to remove the vulnerability.
The only complete mitigation is replacing the hardware with a newer generation that is not affected.
How USBLiter8 Works
According to the Paradigm Shift blog, the vulnerability is caused by a flaw in the Synopsys DesignWare (DWC2) USB controller used in Apple's A12 and A13 chips.
In DFU mode, SecureROM's own USB stack drives the controller to receive setup and data packets, long before iBoot or iOS is loaded. Researchers discovered that a specially crafted sequence of USB packets can manipulate an internal memory pointer, allowing writes outside the intended memory region.
By carefully controlling these writes, arbitrary code execution inside SecureROM becomes possible before Apple's secure boot chain is established.
Why A12 and A13 Are Vulnerable
Paradigm Shift explains that the affected processors occupy a unique position in Apple's hardware evolution.
Older A11 devices avoided the issue because their BootROM manually reset the vulnerable USB pointer after every transfer. Newer A14 and later processors correctly configure hardware memory protection during BootROM initialization.
A12 and A13 devices fall between those two generations, leaving them exposed to the hardware flaw.
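The pattern the two sections above describe, a USB transfer pointer that survives from one transfer into the next, is easiest to see in a toy model. The following C is an added illustration written for this page, not Paradigm Shift's exploit code or Apple's SecureROM; the names (dwc2_model, model_packet, model_transfer_done), the 64-byte transfer buffer and the 16-byte region that follows it are all assumptions chosen for the demonstration. It contrasts the three behaviours the article attributes to A11 (reset the pointer after every transfer), A12/A13 (no reset) and A14 and later (memory protection configured, so a write past the region is trapped).

```c
/* Toy model of the bug class the article describes: a USB controller's
 * DMA write cursor that is not reset between transfers.  Added example for
 * this page; not Apple's SecureROM and not the real exploit.  All names
 * and sizes here are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XFER_BUF_SIZE 64   /* assumed per-transfer receive buffer */
#define GUARD_SIZE    16   /* assumed memory lying just past the buffer */

enum boot_gen { GEN_A11_STYLE, GEN_A12_A13_STYLE, GEN_A14_STYLE };

struct dwc2_model {
    uint8_t mem[XFER_BUF_SIZE + GUARD_SIZE]; /* buffer followed by "what comes after" */
    size_t cursor;                           /* DMA write position into mem */
    enum boot_gen gen;
    bool mpu_fault;                          /* A14-style protection tripped */
};

void model_init(struct dwc2_model *m, enum boot_gen gen) {
    memset(m, 0, sizeof *m);
    m->gen = gen;
}

/* Deliver one data packet from the host.  Returns bytes written into mem. */
size_t model_packet(struct dwc2_model *m, const uint8_t *data, size_t len) {
    size_t written = 0;
    for (size_t i = 0; i < len; i++) {
        if (m->cursor >= XFER_BUF_SIZE) {
            /* A14 style: memory protection was configured at init, so the
             * first byte outside the region faults instead of landing. */
            if (m->gen == GEN_A14_STYLE) { m->mpu_fault = true; break; }
            if (m->cursor >= sizeof m->mem) break; /* end of the toy memory */
        }
        m->mem[m->cursor++] = data[i];
        written++;
    }
    return written;
}

/* Transfer complete: this is the step where the generations differ. */
void model_transfer_done(struct dwc2_model *m) {
    if (m->gen == GEN_A11_STYLE)
        m->cursor = 0;           /* A11 style: explicit reset after every transfer */
    /* A12/A13 style: no reset, the cursor carries over into the next transfer.
     * A14 style: no reset either, but writes past the region are trapped. */
}

/* Count bytes past the buffer that a transfer managed to modify. */
size_t model_guard_bytes_modified(const struct dwc2_model *m) {
    size_t n = 0;
    for (size_t i = XFER_BUF_SIZE; i < sizeof m->mem; i++)
        if (m->mem[i] != 0) n++;
    return n;
}

struct run_result { size_t oob_bytes; bool fault; };

/* Send two full-size transfers back to back and report the outcome. */
struct run_result run_two_transfers(enum boot_gen gen) {
    struct dwc2_model m;
    uint8_t pkt[XFER_BUF_SIZE];
    memset(pkt, 0x41, sizeof pkt);          /* constructed payload, all 'A' */
    model_init(&m, gen);
    model_packet(&m, pkt, sizeof pkt); model_transfer_done(&m);
    model_packet(&m, pkt, sizeof pkt); model_transfer_done(&m);
    struct run_result r = { model_guard_bytes_modified(&m), m.mpu_fault };
    return r;
}

int main(void) {
    const char *names[] = { "A11-style", "A12/A13-style", "A14-style" };
    for (int g = GEN_A11_STYLE; g <= GEN_A14_STYLE; g++) {
        struct run_result r = run_two_transfers((enum boot_gen)g);
        printf("%-14s bytes written past buffer: %zu, fault: %d\n",
               names[g], r.oob_bytes, r.fault);
    }
    return 0;
}
```

run_two_transfers delivers two full 64-byte transfers in a row: in the A12/A13 configuration the second one lands 16 bytes past the buffer, in the A11 configuration it starts again at offset 0, and in the A14 configuration the first out-of-region byte trips the fault flag and nothing is written. How the real exploit turns a stale pointer into controlled writes and then code execution is not something the article details, and the model does not attempt it.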
Physical Access Is Required
USBLiter8 is not a remote attack.
An attacker must:
- Physically possess the device.
- Place it into DFU mode.
- Connect it to a dedicated RP2350-based microcontroller running the USBLiter8 firmware.
The complete exploitation process takes less than two seconds and occurs before Apple's signed boot chain begins loading.
Exploitation Differs Between A12 and A13
Although the same BootROM vulnerability affects both processor families, exploitation is not identical.
On A12 devices, obtaining arbitrary code execution is comparatively straightforward.
On A13, researchers also had to overcome Apple's Pointer Authentication Codes (PAC), a hardware security feature designed to protect return addresses and other pointers against memory corruption attacks.
What Happens After Exploitation?
A successful exploit places the device into Pwned DFU mode.
The USB serial number changes to include:
PWND:[usbliter8]
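A practical check for whether a device is actually in this state is to read the DFU-mode USB serial string and parse it. The C below is an added example for this page, not code from Paradigm Shift; the two serial strings it parses are constructed for the demonstration (the ECID, BDID and SRTG values are placeholders, not from a real device) and the helper names are assumptions. The layout it relies on, space-separated KEY:value tokens with bracketed values for SRTG and PWND, and the chip IDs 0x8020 for A12 and 0x8030 for A13, is the long-standing DFU serial format; the article itself only states that PWND:[usbliter8] appears.

```c
/* Parse a DFU-mode USB serial string and report CPID and Pwned DFU state.
 * Added example for this page (not Paradigm Shift's tooling); helper names
 * are hypothetical and both sample strings below are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: an A13 (CPID 0x8030) device after exploitation.
 * ECID, BDID and SRTG are placeholders. */
static const char SAMPLE_PWNED[] =
    "CPID:8030 CPRV:11 CPFM:03 SCEP:01 BDID:04 ECID:0000000000000000 "
    "IBFL:3C SRTG:[iBoot-x.y.z] PWND:[usbliter8]";

/* Constructed sample: the same device in stock DFU mode, no PWND token. */
static const char SAMPLE_STOCK[] =
    "CPID:8030 CPRV:11 CPFM:03 SCEP:01 BDID:04 ECID:0000000000000000 "
    "IBFL:3C SRTG:[iBoot-x.y.z]";

/* Locate "KEY:" at a token boundary; returns a pointer just past the colon. */
static const char *find_field(const char *serial, const char *key) {
    size_t klen = strlen(key);
    for (const char *p = serial; (p = strstr(p, key)) != NULL; p += klen) {
        bool at_start = (p == serial) || (p[-1] == ' ');
        if (at_start && p[klen] == ':') return p + klen + 1;
    }
    return NULL;
}

/* Hex value of "KEY:XXXX", or 0 if the key is absent. */
unsigned long dfu_hex_field(const char *serial, const char *key) {
    const char *v = find_field(serial, key);
    return v ? strtoul(v, NULL, 16) : 0;
}

/* Copy the value of "KEY:[value]" into out; false if absent or malformed. */
bool dfu_bracketed_field(const char *serial, const char *key, char *out, size_t outlen) {
    const char *v = find_field(serial, key);
    if (!v || *v != '[') return false;
    const char *end = strchr(v + 1, ']');
    if (!end) return false;
    size_t n = (size_t)(end - v - 1);
    if (n >= outlen) return false;
    memcpy(out, v + 1, n);
    out[n] = '\0';
    return true;
}

/* True if a PWND token is present; the tool name (e.g. "usbliter8") lands in tool. */
bool dfu_is_pwned(const char *serial, char *tool, size_t toollen) {
    return dfu_bracketed_field(serial, "PWND", tool, toollen);
}

/* True only if the device is pwned and the PWND tag names the given tool. */
bool dfu_pwned_by(const char *serial, const char *tool_name) {
    char tool[64];
    return dfu_is_pwned(serial, tool, sizeof tool) && strcmp(tool, tool_name) == 0;
}

/* CPID 0x8020 is A12 and 0x8030 is A13, the two families the article names.
 * A12X/A12Z (CPID 0x8027) is not mentioned on the page, so it is not claimed. */
bool dfu_is_usbliter8_family(const char *serial) {
    unsigned long cpid = dfu_hex_field(serial, "CPID");
    return cpid == 0x8020 || cpid == 0x8030;
}

int main(void) {
    const char *samples[] = { SAMPLE_PWNED, SAMPLE_STOCK };
    for (size_t i = 0; i < 2; i++) {
        char tool[64];
        bool pwned = dfu_is_pwned(samples[i], tool, sizeof tool);
        printf("CPID 0x%04lx family=%d pwned=%d%s%s\n",
               dfu_hex_field(samples[i], "CPID"),
               dfu_is_usbliter8_family(samples[i]), pwned,
               pwned ? " tool=" : "", pwned ? tool : "");
    }
    return 0;
}
```

The serial string is what a host sees as the USB device's serial number: on macOS it is the Serial Number of the "Apple Mobile Device (DFU Mode)" entry in system_profiler SPUSBDataType, and on Linux the iSerial field of lsusb -v. The family check deliberately covers only the two CPIDs the article names.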
Once in this state, researchers can upload their own boot components, including:
- Custom iBSS
- Custom iBEC
- SSH ramdisks
- Unsigned iBoot images
- Custom kernels
- Research tools
This creates a powerful platform for bootloader research and low-level analysis of Apple's secure boot process.
Does This Mean Every Device Can Be Jailbroken?
Not necessarily.
USBLiter8 is a BootROM exploit, not a complete jailbreak.
It provides low-level code execution during boot, but additional software components are still required to:
- Boot custom environments
- Patch iOS
- Develop jailbreaks
- Perform filesystem modifications
The exploit is primarily intended for security research, reverse engineering, firmware analysis, and development of future tools.
Is the Secure Enclave Broken?
No.
Paradigm Shift emphasized that USBLiter8 does not directly compromise the Secure Enclave Processor (SEP).
SEP continues to operate independently from the application processor and maintains responsibility for encryption keys, biometric data, and other sensitive security functions.
However, BootROM access significantly expands what researchers can study and test during the earliest stages of the boot process.
Can USBLiter8 Be Used for iCloud Lock Bypass?
Activation Lock involves much more than the BootROM. It relies on Apple's activation infrastructure, signed activation records, and the Secure Enclave for certain security functions.
A BootROM exploit does not automatically disable those mechanisms. However, having BootROM access may simplify the development and research of future iCloud bypass techniques.
Conclusion
USBLiter8 marks the first publicly released BootROM exploit for Apple devices since checkm8 and extends public hardware-level exploitation to the A12 and A13 generations.
While the attack requires physical access and specialized hardware, its significance lies in the fact that it targets immutable BootROM code that Apple cannot update. As a result, every affected device remains vulnerable throughout its entire service life, making USBLiter8 one of the most significant Apple security research developments in recent years.