Boot-Level Flaws Expose Secure Boot Bypass on PCs and Unpatchable Exploit on Apple Chips
Researchers disclosed two separate boot-chain security issues that undermine trusted startup protections on major platforms. CERT/CC warned that outdated Microsoft-signed UEFI shim bootloaders—especially shim version 0.9 and earlier, including forked or unpatched builds used by vendors such as Red Hat Enterprise Linux, CentOS, Oracle, OpenSUSE, and WhiteCanyon—can be abused to bypass Secure Boot and run arbitrary code before the operating system loads. Because the attack executes in the early boot phase, it can evade EDR visibility and establish persistent compromise; Microsoft is responding by expanding the UEFI Forbidden Signature Database (DBX) to revoke vulnerable bootloaders, while administrators have been urged to update signature databases first and test carefully to avoid leaving systems unbootable.
Paradigm Shift also disclosed an unpatchable BootROM flaw in Apple A12 and A13 chips and released a proof-of-concept exploit, usbliter8, showing that affected devices from the iPhone XS through the iPhone 11 line can be compromised during startup. The bug stems from USB controller behavior in SecureROM that allows unauthorized memory writes via crafted packets, enabling temporary reduction of security settings, booting of unsigned software, and the familiar PWND USB serial marker after exploitation. Apple was notified before publication, but because the weakness is embedded in silicon, software updates cannot fully eliminate the risk for affected devices over their operational lifetime.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Researchers extend usbliter8 impact to Apple S4/S5 chips
Paradigm Shift said the usbliter8 BootROM exploit chain also affects Apple S4 and S5 chips, in addition to A12 and A13 devices. The expanded scope means the chain-of-trust compromise is not limited to iPhones using A12/A13 silicon and also impacts additional Apple hardware families built on vulnerable immutable BootROM code.
Paradigm Shift discloses A12/A13 exploit and releases usbliter8 PoC
Paradigm Shift publicly disclosed the A12 and A13 BootROM vulnerability and released a proof-of-concept exploit named usbliter8. The exploit abuses a USB controller bug during startup to enable unauthorized memory writes, allowing temporary security downgrades and booting unsigned software on affected devices.
Paradigm Shift reports A12/A13 BootROM flaw to Apple
Paradigm Shift reported a BootROM vulnerability affecting Apple A12 and A13 chips to Apple Product Security and coordinated disclosure before publication. Because the flaw resides in immutable BootROM/SecureROM code, affected devices cannot be fully fixed through software updates.
Microsoft expands DBX revocations to mitigate vulnerable shim bootloaders
Microsoft began mitigating the Secure Boot bypass risk by expanding the UEFI Forbidden Signature Database (DBX) to revoke trust in vulnerable bootloaders. The guidance emphasized updating authorized signature databases before deploying DBX revocations to avoid rendering systems unbootable.
CERT/CC documents vulnerable Microsoft-signed UEFI shim bootloaders
Security researchers reported that outdated Microsoft-signed UEFI shim bootloaders, especially shim version 0.9 and earlier, can be abused to bypass Secure Boot across multiple operating systems and vendors. CERT/CC documented the issue, which affects forked and unpatched shim versions used by vendors including Red Hat Enterprise Linux, CentOS, Oracle, OpenSUSE, and WhiteCanyon.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
New iPhone BootROM Vulnerability Exposes Apple SoCs to Full Chain-of-Trust Compromise
cybersecuritynews.com
Open sourceApple's A12 and A13 Chips Facing New Unpatchable Exploit - MacRumors
macrumors.com
Open sourceVU#457458 - Vendor-signed UEFI applications found vulnerable to Secure Boot bypass
kb.cert.org
Open sourceVulnerable UEFI Shim Bootloaders Allow Secure Boot Bypass
securityonline.info
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
usbliter8 Exploit Breaks SecureROM on Apple A12 and A13 Devices
Security researchers at Paradigm Shift disclosed **`usbliter8`**, a tethered BootROM exploit that achieves privileged SecureROM code execution on Apple devices using **A12** and **A13** processors, as well as **Apple Watch S4/S5** chipsets. The exploit chains a flaw in the **Synopsys DesignWare USB 2 controller** with a firmware configuration weakness in the boot chain, allowing attackers with physical access to modify **DFU mode**, inject custom USB handlers, and boot unsigned **iBoot** images. Researchers said the issue affects immutable BootROM/SecureROM code, meaning software updates cannot fully fix vulnerable devices and hardware replacement is the most effective mitigation. The public release included a GitHub repository and technical write-up describing hardware requirements and exploitation steps. Because the bug is exposed through low-level USB behavior that typical host stacks cannot reach, the exploit uses **RP2350-based microcontroller boards** such as the **Waveshare RP2350 USB-A**, **Waveshare RP2350 Zero**, **Pimoroni TINY2350**, and **Raspberry Pi Pico 2**. Paradigm Shift said **A11** devices are not vulnerable due to different USB driver behavior, while **A14 and later** platforms appear harder to exploit because **DART** is configured correctly; Apple Product Security was notified before publication.
Jun 23, 2026
Secure Boot Bypass Vulnerability in Framework Linux Laptops via Signed UEFI Shells
Researchers from Eclypsium discovered that nearly 200,000 Linux-based Framework laptops and desktops were shipped with signed UEFI shell components containing a powerful 'memory modify' (mm) command, which can be exploited to bypass Secure Boot protections. The mm command, intended for low-level diagnostics and firmware debugging, provides direct read and write access to system memory, including critical security variables such as gSecurity2. By abusing this command, an attacker can overwrite the gSecurity2 variable with NULL, effectively disabling signature verification for all subsequent UEFI module loads and breaking the Secure Boot trust chain. This vulnerability allows attackers to load bootkits such as BlackLotus, HybridPetya, and Bootkitty, which can evade operating system-level security controls and persist even after OS reinstallation. The attack can be automated using startup scripts, ensuring persistence across reboots. The issue is not the result of a supply chain compromise or malicious intent, but rather an oversight in the inclusion of diagnostic tools signed with trusted certificates. Eclypsium's research highlights that these signed UEFI shells, while legitimate, function as backdoors that undermine the security model of Secure Boot. The presence of such tools in production devices exposes users to significant risk, as attackers can leverage them for pre-OS infections, espionage, sabotage, or ransomware attacks. The gaming industry has already seen commercial cheat providers exploiting similar UEFI-level bypasses, and the same techniques could be adopted by nation-state actors or advanced persistent threats. Framework has acknowledged the issue and is working on remediation, with fixes planned for affected models such as the Framework 13 (11th and 12th Gen Intel). The discovery underscores the broader risk of trusted, signed components containing powerful functionality that can be misused, and the need for rigorous review of firmware-level tools included in shipping devices. The vulnerability demonstrates that even systems marketed as secure and repairable can harbor critical flaws if diagnostic utilities are not properly restricted. The incident serves as a warning to hardware manufacturers and the security community about the dangers of trusted but overly permissive firmware components. Eclypsium's findings have prompted a reassessment of trust models in firmware security, emphasizing the importance of minimizing attack surfaces in pre-boot environments. The case also illustrates how attackers are increasingly targeting lower layers of the computing stack to achieve persistence and evade detection. Framework's response and the ongoing remediation efforts will be closely watched by the industry as a test case for responsible disclosure and mitigation of firmware-level threats.
Mar 21, 2026
Hardware-Level Android Chip Vulnerabilities Enable Device Compromise
Security researchers and vendors reported **hardware/firmware-level vulnerabilities in Android chip components** that can enable deep device compromise beyond typical app-layer defenses. Ledger’s Donjon research described a flaw involving **MediaTek chip boot-chain behavior and Trustonic’s trusted execution environment (TEE)** that allowed rapid physical compromise: by connecting an affected phone to a laptop over **USB**, attackers could allegedly brute-force the PIN, decrypt storage, and extract sensitive data including messages and **cryptocurrency wallet seed phrases** (e.g., Kraken Wallet, Phantom). The researchers estimated the affected MediaTek chips appear in roughly **one-quarter of Android phones**, disproportionately in lower-cost devices. Separately, Zimperium reported active exploitation of a **Qualcomm graphics zero-day** (**CVE-2026-21385**) in targeted Android attacks, describing a memory-corruption condition that could enable code execution or unauthorized access across “hundreds” of Qualcomm chipsets. A ZDNET article on Android’s *Repair Mode* primarily provides user guidance and anecdotal troubleshooting around a buggy March update/SIM recognition issue; it does not substantively address the chip-level vulnerabilities described in the other reporting and is best treated as tangential consumer advice rather than incident or vulnerability intelligence.
Mar 21, 2026