HeadlinesBriefing.com

BootROM flaw forces Apple A12/A13 iPhones to remain vulnerable

MacRumors

Security researchers at Paradigm Shift exposed a BootROM flaw that lets attackers hijack Apple’s A12 and A13 chips. The flaw, dubbed usbliter8, survives software patches because it resides in hardware that never updates. Devices from the iPhone XS to the iPhone 11 remain exposed, extending the legacy of the 2019 checkm8 attack.

The exploit targets a USB controller bug that mismanages packet buffers during boot. By sending crafted tiny packets, attackers force a pointer to walk backward, overwriting protected memory. On A12 devices this yields code execution quickly, while on A13 the chip’s Pointer Authentication Codes force a lengthy workaround before the attacker gains control of the processor.

Once inside, the code installs a persistent handler that lowers security settings and boots unsigned software without verification. The handler also stamps the iPhone’s USB serial number with the classic “PWND” tag, a hallmark of prior BootROM exploits. Although the Secure Enclave stays untouched, the breach opens broader attack vectors for malicious actors.

Paradigm Shift reported the flaw to Apple Product Security before publishing, and the firm collaborated on a coordinated disclosure. Full proof‑of‑concept code accompanies the write‑up on the ps.tc site. The discovery confirms that BootROM vulnerabilities remain a permanent threat, forcing users to accept legacy risks.