13freakbloG

Home of Exo Rom's

USBLiter8 Exploit Breaks Apple A12 and A13 SecureROM Boot


 

Security research firm Paradigm Shift has publicly disclosed an exploit called USBLiter8, capable of executing arbitrary code within the SecureROM (BootROM) of Apple’s A12 and A13 chips, as well as the S4 and S5 SoCs used in the Apple Watch. Unlike the vast majority of vulnerabilities covered in this space, the flaw doesn’t live in a line of code that can be fixed with an update: it’s permanently etched into the silicon during chip manufacturing.

This is not a remote attack. It requires physical possession of the device, which must be in DFU mode and connected via USB to a dedicated RP2350-based microcontroller board. With that setup, the exploit finishes in under two seconds, before Apple's signed boot chain loads.

The problem in one line

Anyone with physical access to one of these devices, a USB cable, and a low-cost microcontroller board could, in under two seconds, execute their own code within the very first link of the secure boot chain. No prior jailbreak. No software exploits. No future update can ever reverse it.

That’s USBLiter8.