usbliter8 Exploit Breaks SecureROM on Apple A12 and A13 Devices
Security researchers at Paradigm Shift disclosed usbliter8, a tethered BootROM exploit that achieves privileged SecureROM code execution on Apple devices using A12 and A13 processors, as well as Apple Watch S4/S5 chipsets. The exploit chains a flaw in the Synopsys DesignWare USB 2 controller with a firmware configuration weakness in the boot chain, allowing attackers with physical access to modify DFU mode, inject custom USB handlers, and boot unsigned iBoot images. Researchers said the issue affects immutable BootROM/SecureROM code, meaning software updates cannot fully fix vulnerable devices and hardware replacement is the most effective mitigation.
The public release included a GitHub repository and technical write-up describing hardware requirements and exploitation steps. Because the bug is exposed through low-level USB behavior that typical host stacks cannot reach, the exploit uses RP2350-based microcontroller boards such as the Waveshare RP2350 USB-A, Waveshare RP2350 Zero, Pimoroni TINY2350, and Raspberry Pi Pico 2. Paradigm Shift said A11 devices are not vulnerable due to different USB driver behavior, while A14 and later platforms appear harder to exploit because DART is configured correctly; Apple Product Security was notified before publication.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
usbliter8 exploit code and technical documentation released on GitHub
A GitHub repository for usbliter8 was published with exploit code, hardware requirements, DFU handling details, and a Python control tool named usbliter8ctl. The repository documented support for A12, A13, and Apple Watch S4/S5 SoCs and explained post-exploitation capabilities such as demoting production mode or booting raw iBoot.
Paradigm Shift discloses usbliter8 BootROM exploit
Paradigm Shift publicly introduced usbliter8, a tethered SecureROM/BootROM exploit affecting Apple A12 and A13 devices and Apple Watch S4/S5 chipsets. The disclosure described a chain involving a Synopsys DesignWare USB 2 controller flaw and a firmware configuration weakness to gain privileged SecureROM code execution.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
14 references tracked. Mallory keeps watching after this page renders.
Ces anciens modèles d'iPhone présentent une faille de sécurité ir ...
zdnet.fr
Open sourceNew Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available
techrepublic.com
Open sourceNew Exploit Bypasses Apple's Boot Defenses, Affects Millions of iPhones - SecurityWeek
securityweek.com
Open sourceusbliter8 Brings Unpatchable BootROM Exploit to Apple A12 and A13 Devices - Security Affairs
securityaffairs.com
Open sourceResearchers drop checkm8-style BootROM exploit for A12 and A13 iPhones
theregister.com
Open sourceApple: New iPhone BootROM Vulnerability Exposes Apple SoCs to Full Chain-of-Trust Compromise
blog.rankiteo.com
Open sourceGitHub - prdgmshift/usbliter8: An A12/A13 SecureROM exploit · GitHub
github.com
Open sourceParadigm Shift - Introducing usbliter8
ps.tc
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Boot-Level Flaws Expose Secure Boot Bypass on PCs and Unpatchable Exploit on Apple Chips
Researchers disclosed two separate boot-chain security issues that undermine trusted startup protections on major platforms. CERT/CC warned that outdated Microsoft-signed UEFI **shim** bootloaders—especially `shim` version `0.9` and earlier, including forked or unpatched builds used by vendors such as Red Hat Enterprise Linux, CentOS, Oracle, OpenSUSE, and WhiteCanyon—can be abused to bypass **Secure Boot** and run arbitrary code before the operating system loads. Because the attack executes in the early boot phase, it can evade EDR visibility and establish persistent compromise; Microsoft is responding by expanding the UEFI Forbidden Signature Database (**DBX**) to revoke vulnerable bootloaders, while administrators have been urged to update signature databases first and test carefully to avoid leaving systems unbootable. Paradigm Shift also disclosed an **unpatchable BootROM flaw** in Apple `A12` and `A13` chips and released a proof-of-concept exploit, `usbliter8`, showing that affected devices from the iPhone XS through the iPhone 11 line can be compromised during startup. The bug stems from USB controller behavior in SecureROM that allows unauthorized memory writes via crafted packets, enabling temporary reduction of security settings, booting of unsigned software, and the familiar `PWND` USB serial marker after exploitation. Apple was notified before publication, but because the weakness is embedded in silicon, software updates cannot fully eliminate the risk for affected devices over their operational lifetime.
Jun 18, 2026
Hardware-Level Android Chip Vulnerabilities Enable Device Compromise
Security researchers and vendors reported **hardware/firmware-level vulnerabilities in Android chip components** that can enable deep device compromise beyond typical app-layer defenses. Ledger’s Donjon research described a flaw involving **MediaTek chip boot-chain behavior and Trustonic’s trusted execution environment (TEE)** that allowed rapid physical compromise: by connecting an affected phone to a laptop over **USB**, attackers could allegedly brute-force the PIN, decrypt storage, and extract sensitive data including messages and **cryptocurrency wallet seed phrases** (e.g., Kraken Wallet, Phantom). The researchers estimated the affected MediaTek chips appear in roughly **one-quarter of Android phones**, disproportionately in lower-cost devices. Separately, Zimperium reported active exploitation of a **Qualcomm graphics zero-day** (**CVE-2026-21385**) in targeted Android attacks, describing a memory-corruption condition that could enable code execution or unauthorized access across “hundreds” of Qualcomm chipsets. A ZDNET article on Android’s *Repair Mode* primarily provides user guidance and anecdotal troubleshooting around a buggy March update/SIM recognition issue; it does not substantively address the chip-level vulnerabilities described in the other reporting and is best treated as tangential consumer advice rather than incident or vulnerability intelligence.
Mar 21, 2026
Secure Boot Bypass Vulnerability in Framework Linux Laptops via Signed UEFI Shells
Researchers from Eclypsium discovered that nearly 200,000 Linux-based Framework laptops and desktops were shipped with signed UEFI shell components containing a powerful 'memory modify' (mm) command, which can be exploited to bypass Secure Boot protections. The mm command, intended for low-level diagnostics and firmware debugging, provides direct read and write access to system memory, including critical security variables such as gSecurity2. By abusing this command, an attacker can overwrite the gSecurity2 variable with NULL, effectively disabling signature verification for all subsequent UEFI module loads and breaking the Secure Boot trust chain. This vulnerability allows attackers to load bootkits such as BlackLotus, HybridPetya, and Bootkitty, which can evade operating system-level security controls and persist even after OS reinstallation. The attack can be automated using startup scripts, ensuring persistence across reboots. The issue is not the result of a supply chain compromise or malicious intent, but rather an oversight in the inclusion of diagnostic tools signed with trusted certificates. Eclypsium's research highlights that these signed UEFI shells, while legitimate, function as backdoors that undermine the security model of Secure Boot. The presence of such tools in production devices exposes users to significant risk, as attackers can leverage them for pre-OS infections, espionage, sabotage, or ransomware attacks. The gaming industry has already seen commercial cheat providers exploiting similar UEFI-level bypasses, and the same techniques could be adopted by nation-state actors or advanced persistent threats. Framework has acknowledged the issue and is working on remediation, with fixes planned for affected models such as the Framework 13 (11th and 12th Gen Intel). The discovery underscores the broader risk of trusted, signed components containing powerful functionality that can be misused, and the need for rigorous review of firmware-level tools included in shipping devices. The vulnerability demonstrates that even systems marketed as secure and repairable can harbor critical flaws if diagnostic utilities are not properly restricted. The incident serves as a warning to hardware manufacturers and the security community about the dangers of trusted but overly permissive firmware components. Eclypsium's findings have prompted a reassessment of trust models in firmware security, emphasizing the importance of minimizing attack surfaces in pre-boot environments. The case also illustrates how attackers are increasingly targeting lower layers of the computing stack to achieve persistence and evade detection. Framework's response and the ongoing remediation efforts will be closely watched by the industry as a test case for responsible disclosure and mitigation of firmware-level threats.
Mar 21, 2026