usbliter8 — a permanent SecureROM boot-chain exploit for Apple A12/A13 silicon
From CTI Daily Brief — 2026-06-20 · published 2026-06-20
Paradigm Shift Technology published usbliter8 on 2026-06-18 with a full technical write-up and a working RP2350-based proof-of-concept: a software-unpatchable bootrom exploit for Apple A12 and A13 (and S4/S5) SoCs, conceptually the successor to 2019's checkm8 (Paradigm Shift, 2026-06-18). The root cause is a buffer underflow in the Synopsys DWC2 USB controller's DMA path that Apple's DART IOMMU does not block while the device is in DFU mode, allowing arbitrary SRAM overwrites; on A13 the chain additionally bypasses Pointer Authentication via heap corruption before booting unsigned iBoot images and fully subverting the chain of trust (The Hacker News, 2026-06-19). Exploitation requires physical access to a device in DFU mode connected over USB to the attacker's microcontroller and completes in under two seconds. Affected hardware spans iPhone XS/XR through the iPhone 11 line, several iPad and Apple Watch generations and the HomePod mini; A14 and later are unaffected. Because the flaw is in mask-ROM, no OS update can remediate it (MITRE ATT&CK T1542.003 Pre-OS Boot: Bootkit).
Why it matters to us: This is a physical-access risk, not a network threat, but it defeats every OS-level control — including Secure Enclave credential protections — on affected hardware. For high-security estates the practical questions are MDM supervised-mode enforcement (which can detect unmanaged DFU connections), physical custody of devices, and retiring A12/A13 hardware where physical control cannot be guaranteed.