Research: usbliter8 — an unpatchable SecureROM boot-chain exploit for Apple A12/A13 silicon

Paradigm Shift published usbliter8, a working SecureROM (burned-in, unpatchable boot code) exploit for Apple A12 and A13 SoCs via a hardware-level USB DMA buffer underflow combined with a firmware configuration flaw, achieving pre-boot arbitrary code execution in under two seconds (9to5Mac, 2026-06-18; daily 06-20). It requires physical possession in DFU mode with a dedicated RP2350 board; the Secure Enclave is not compromised, so passcodes and encrypted user data remain protected — the risk class is forensic/intelligence-collection on seized devices, not remote exploitation. For CH/EU public-sector MDM/BYOD fleets the operational consequence is a hardware-refresh planning input: affected devices (iPhone XR/XS/11 generations, several iPads, older Apple Watches and HomePod mini) cannot be patched, so high-sensitivity-role devices on A12/A13 silicon should be prioritised for replacement and protected with physical-custody controls.