Security researchers at Paradigm Shift have detailed usbliter8, a new BootROM flaw that they say cannot be patched and could underpin fresh jailbreak tools for Apple devices with A12 and A13-era chips. The bug needs physical access and DFU mode, but once triggered, it can run arbitrary code before iOS even starts to boot.
The flaw affects A12, S4, S5, and A13 chips, which means it touches the iPhone XR, XS, and 11 models, several generations of Apple Watch, HomePod mini, Studio Display, and entry-level iPads. A12X and A12Z exploitation is also considered possible in the near term.
That puts it in the same unpleasant family as older hardware exploits: Apple can close software holes, but it cannot send a firmware update to fix silicon that has already shipped. The upside for Apple users is that the Secure Enclave is not directly compromised, so passcodes and local data are still protected for now. The downside is obvious enough: any flaw that reaches the boot chain tends to attract jailbreak developers like moths to a soldering iron.
Which Apple chips are affected
The vulnerable systems on a chip are A12, S4, S5, and A13. That means the issue touches iPhone XR, XS, and 11 models, several generations of Apple Watch, HomePod mini, Studio Display, and entry-level iPads.
- A12, S4, S5 and A13 are affected.
- A12X and A12Z exploitation is also considered possible in the near term.
- A11 and earlier chips are not affected by usbliter8.
How the usbliter8 exploit works
The researchers say the bug stems from a hardware defect in the USB controller combined with a firmware configuration mistake, which together cause data to be written to the wrong region of memory. On A13, the team had to work around pointer authentication code (PAC) protection by corrupting memory in stages until they could hijack the USB interrupt handler. That is a lot of effort for a bug that still requires a tethered device in DFU mode, but it is also exactly the sort of low-level trick that jailbreak tooling thrives on.
Why Apple cannot patch it away
Because the weakness lives in the hardware and its read-only boot code, not just in updatable software, Apple cannot fix it with a normal update. Paradigm Shift says the safer path is moving to newer hardware, which is the same awkward answer users got with previous BootROM-class bugs such as checkm8 for A11 and earlier devices. The researchers also said they coordinated with Apple’s security team before going public, which is the polite part of this story; the less polite part is that anyone hoping for a clean software remedy is out of luck.
The exploit has already been posted on GitHub and picked up hundreds of positive reactions within hours, a decent hint that toolmakers will be busy. Expect the first wave to focus on proof-of-concept jailbreaks for the affected devices, followed by the usual cat-and-mouse game: Apple hardens the software edges, and the hardware flaw sits there, stubborn as ever, waiting for the next clever abuse.