HeadlinesBriefing.com

Unpatchable iPhone Boot ROM Flaw Hits A12 & A13 Devices

9to5Mac

Paradigm Shift researchers exposed usbliter8, an unpatchable boot‑ROM flaw that lets attackers hijack startup on devices with Apple A12 and A13 chips. The exploit chains a USB‑controller bug with a firmware misconfiguration, delivering crafted packets while a device sits in DFU mode. Once the crafted data is in memory, attackers bypass signature checks before iOS loads.

Affected SoCs include A12, S4, S5, and A13. Affected devices are iPhone XR, XS/XS Max, iPad Air 3, iPad mini 5, iPad 8, Apple TV 4K S4, Apple Watch Series 4S, Watch Series 5, Watch SE, HomePod mini, iPhone 11/11 Pro/Pro Max, iPhone SE 2, iPad 9, and Studio Display. A12X/Z support is possible but unimplemented.

Because the flaw touches the boot ROM, Apple cannot patch it through software. For users with affected hardware, the only remedy is migrating to newer models. The discovery mirrors the older checkm8 hole that spawned jailbreaks, suggesting usbliter8 could open similar jailbreak avenues or targeted attacks on legacy devices.

Paradigm Shift released a proof‑of‑concept on GitHub that gathered 280 stars in hours, underscoring the community’s urgency. Security teams praised the researchers’ cooperation with Apple, who responded swiftly. The public disclosure forces the industry to revisit boot‑ROM hardening, highlighting that even silicon‑level safeguards can harbor fatal, unpatchable bugs.