Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

The Hacker News general

Key Points:

  • Security researchers at Paradigm Shift have released a working exploit called usbliter8 that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips, a flaw that cannot be patched by software updates since it resides in hardware.
  • The exploit requires physical access to the device, which must be in DFU mode and connected via USB to a specialized microcontroller; it executes in under two seconds before Apple's secure boot chain loads.
  • Affected devices include iPhone XS, XR, 11 series, second-generation SE, certain iPads, Apple Watch Series 4 and 5, the first-generation Apple Watch SE, and HomePod mini, while A11 and A14 or later chips are not vulnerable.
  • The vulnerability stems from a hardware flaw in the Synopsys DWC2 USB controller's DMA buffer handling combined with Apple's USB DART configuration that allows buffer underflow and arbitrary SRAM overwrite, enabling code execution at the highest privilege level inside SecureROM.
  • Post-exploitation, attackers can bypass Apple's secure boot chain to run unsigned code, though Secure Enclave is not directly compromised; the exploit cannot be patched and poses a physical device custody risk, especially in high-security environments.
