Researchers drop checkm8-style BootROM exploit for A12 and A13 iPhones


Owners of affected iPhones can stop checking for patches now: the fix for this SecureROM bug comes in a new handset

Carly Page


Published Fri 19 Jun 2026 // 17:02 UTC

A newly disclosed BootROM exploit affecting Apple's A12 and A13 chips gives researchers a way to break the secure boot chain on millions of iPhones and other Apple devices.

The exploit, dubbed “usbliter8” by security researchers at Paradigm Shift, targets a flaw in the SecureROM code found on the iPhone XS, XR, 11, and 11 Pro models, plus other devices powered by Apple's A12 and A13 processors. Because the vulnerability resides in immutable BootROM code burned into silicon during manufacturing, it cannot be patched.

The researchers traced the issue to the Synopsys DesignWare USB controller used by Apple. A flaw in how the hardware handles certain USB setup packets allows attackers to corrupt memory during Device Firmware Update (DFU) mode, and ultimately gain control of SecureROM itself.


That might sound like an unremarkable, minor moment in the boot process, but SecureROM sits at the very bottom of Apple's chain of trust. If an attacker can compromise it, they can interfere with everything that comes afterward.


For ordinary iPhone owners, there is little reason to panic. Exploitation requires physical access to a device and the ability to place it into DFU mode, which means this isn’t the sort of bug criminals are likely to weaponize in phishing campaigns or drive-by attacks.

For security researchers, however, BootROM vulnerabilities are the gift that keeps on giving. Unlike software flaws that disappear after the next patch Tuesday, these bugs remain exploitable for the lifetime of the hardware.

Paradigm’s proof-of-concept demonstrates the ability to run unsigned code during the boot process, load custom iBoot images without signature checks, and modify DFU behavior. The exploit also marks compromised devices with the traditional "PWND" - a string familiar to anyone who spent time around the jailbreaking community over the last decade.

Not every generation of iPhone has the flaw. According to the researchers, Apple's A11 chips dodge the issue thanks to a different USB implementation, while A14 and later hardware appears to have fixed the conditions that make the exploit possible in the first place.


“While newer generations have addressed the underlying issue, affected A12 and A13 devices will carry it for the remainder of their lifetime,” said Paradigm researchers. “For those who have followed the history of iPhone exploitation and jailbreaking, this research is a reminder that the BootROM still occasionally has a surprise left to give.”

The team said it disclosed the findings to Apple before publication and coordinated the release of the research with the company. Apple did not respond to The Register’s request for comment.

The exploit doesn’t directly compromise Apple's Secure Enclave Processor, which remains responsible for protecting passcodes, encryption keys, and other sensitive data. Still, gaining control of SecureROM is about as close as researchers can get to the keys to the kingdom without crossing that final boundary.

There's no fix, but a remedy is simple, if somewhat expensive: buy a new iPhone. ®
