Critical BootROM Vulnerability in Older iPhones: Apple Unable to Patch Hardware Bug

Cybersecurity experts at Paradigm Shift have identified a critical vulnerability in older iPhone models powered by A12 and A13 processors. Dubbed usbliter8, the flaw exploits BootROM—the unchangeable code responsible for device initialization. A defect in the USB controller allows attackers to send specially crafted data during boot, overwriting critical memory regions and seizing control of the system.

Apple partially mitigated the issue in A13 chips using Pointer Authentication (PAC), which blocks attempts to tamper with critical processor functions. However, researchers bypassed this protection, proving the vulnerability remains exploitable even on newer A13-based devices. Physical access to the iPhone is required, and data stored in Secure Enclave—Apple’s protected repository for passwords and biometrics—remains secure for now. Experts caution that future attacks may find ways to compromise Secure Enclave using this flaw.

As a hardware-level issue, the vulnerability cannot be patched via iOS updates and will persist on all affected devices indefinitely. The only mitigation is replacing the device with a model featuring a newer processor without this flaw. Vulnerable devices include Apple Watches with S4 and S5 chips, while tablets with A12X/Z chips may also be at risk, though this has not been confirmed.

Like the infamous checkm8 exploit, usbliter8 could enable jailbreaking on older iPhones. However, this offers little comfort to average users, as the risk of device compromise remains significant, especially if the device falls into unauthorized hands. Apple was notified of the issue prior to public disclosure but has no viable remediation for affected users.