Overview
- Paradigm Shift, which published a working proof-of-concept on Thursday, disclosed usbliter8 as a BootROM exploit that gives arbitrary code execution inside the immutable SecureROM on A12 and A13 processors.
- Researchers say the bug stems from a Synopsys DesignWare (DWC2) USB controller DMA underflow combined with SecureROM DART configuration that allows writes into SecureROM SRAM.
- Exploitation requires physical possession, forcing the device into DFU mode, a USB connection and a small microcontroller to deliver crafted USB setup packets, so the flaw cannot be triggered remotely.
- Once exploited, the attack can bypass Apple’s signature checks to load unsigned iBoot images or lower device security; the Secure Enclave Processor is not shown to be directly compromised, but could be exposed by follow-on chains.
- Millions of devices are affected, including iPhone XS/XR, iPhone 11, iPhone SE (2nd gen), certain iPads, Apple Watch Series 4/5 and HomePod mini. Researchers urge migration to A14-or-newer hardware and stricter physical and USB controls; meanwhile, forensic and jailbreak tools may adapt the public code.