What the A12/A13 BootROM Flaw Is and Why It Matters
The iPhone security flaw in Apple’s A12 and A13 chips is an unpatchable vulnerability in the BootROM, the immutable code that runs first when a device powers on and anchors the secure boot process. It allows an attacker with physical access and a USB connection during startup to load unauthorized code before iOS and its normal protections have taken effect. The problem, disclosed by security firm Paradigm Shift as the usbliter8 BootROM exploit, affects iPhone XS through the iPhone 11 lineup, the second‑generation iPhone SE, select iPads, Apple Watch Series 4 and 5, and HomePod mini. Because the bug lives in read-only memory burned into the chip, Apple cannot fix it with any software update. Like the earlier checkm8 exploit on A5–A11 devices, it breaks the secure boot chain at the hardware level, creating a permanent weak point on affected models.

How the usbliter8 BootROM Exploit Works on A12 and A13 Chips
Usbliter8 targets the SecureROM implementation that controls USB during early boot on A12 and A13 chips. According to Paradigm Shift, the weakness lies in the Synopsys DWC2 USB controller, which handles incoming USB setup data via direct memory access. Under carefully crafted conditions, malformed USB packets cause a memory pointer to move backward and overwrite protected regions. On vulnerable devices, Apple’s configuration of the DART memory protection unit allows those unintended writes to reach critical system memory, giving an attacker a way to take control of execution before Apple’s signed code fully loads. The exploit can bypass signature checks, temporarily lower security controls, and boot unsigned iBoot images, and it even tags compromised devices by writing “PWND” into the USB serial number. Devices using A11, A14, and newer chips avoid the flaw thanks to different USB handling and stricter DART settings.
Real-World Risk: Why Physical Access Changes the Threat
Despite sensational headlines about a new iPhone security flaw, the usbliter8 BootROM exploit is not a remote attack. To use it, an attacker needs physical possession of your device, a USB cable, and a microcontroller-based tool such as a Raspberry Pi Pico, and must interact with the phone during Device Firmware Update (DFU) mode at boot. That combination sharply limits who is at real risk. Your passcode and data encryption remain in place, and the Secure Enclave Processor (SEP) is not directly broken by the exploit. Researchers note that “although usbliter8 doesn’t affect SEP itself, it opens up wider attack vectors to compromise the Secure Enclave,” meaning sustained access and advanced skills would still be required to try to go further. For most people, the main concern is custody: who can physically get to your phone and for how long.
Which iPhones Are Affected—and Why Apple Cannot Patch Them
This unpatchable vulnerability affects Apple’s A12 and A13 chip families, including iPhone XS, iPhone XR, the entire iPhone 11 lineup, and the second‑generation iPhone SE, as well as certain iPads and Apple Watch models using S4 and S5 chips. The flaw lives in SecureROM, also called BootROM, which is written into read-only memory during manufacturing. Because that code is physically part of the silicon, it cannot be changed through iOS updates, firmware revisions, or security patches. Paradigm Shift’s disclosure shows that A11-based devices are spared due to their USB driver resetting DMA addresses differently, while A14 and newer chips ship with tighter DART memory protection that blocks the attack. As privacy-focused groups have summarized, moving to newer hardware is the only way to fully remove this specific BootROM exploit from your threat surface.
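The two facts above that a responder can actually check on a device are the chip family (only A12 and A13 are affected) and the “PWND” marker the exploit writes into the USB serial number. The following triage helper is an added example, not code from the article or from Paradigm Shift: it parses the key:value serial string an iPhone exposes in DFU mode and reports both. It assumes the standard SoC identifiers for A12 (CPID 0x8020) and A13 (CPID 0x8030); the sample serial strings are constructed for illustration.

```python
import re

# Chip IDs as they appear in the DFU-mode USB serial string.
# Assumption: A12 = 0x8020, A13 = 0x8030 (standard SoC identifiers,
# not taken from the article).
AFFECTED_CPIDS = {0x8020: "A12", 0x8030: "A13"}

# Tokens look like KEY:value or KEY:[bracketed value with spaces].
_TOKEN = re.compile(r"([A-Z]+):(\[[^\]]*\]|\S+)")


def parse_dfu_serial(serial: str) -> dict:
    """Split a DFU serial string such as
    'CPID:8030 CPRV:11 ... SRTG:[iBoot-0000.0.0.0.0]' into a dict."""
    return dict(_TOKEN.findall(serial))


def triage(serial: str) -> dict:
    """Report whether the chip is in the affected family and whether the
    serial string carries the 'PWND' marker the exploit leaves behind."""
    fields = parse_dfu_serial(serial)
    cpid = int(fields.get("CPID", "0"), 16)
    chip = AFFECTED_CPIDS.get(cpid)
    return {
        "cpid": cpid,
        "chip": chip,
        "affected": chip is not None,
        "pwnd_marker": "PWND" in serial.upper(),
    }


# Constructed sample strings (ECID zeroed out; not real devices).
CLEAN_A13 = ("CPID:8030 CPRV:11 CPFM:03 SCEP:01 BDID:04 "
             "ECID:0000000000000000 IBFL:3C SRTG:[iBoot-0000.0.0.0.0]")
TAGGED_A12 = ("CPID:8020 CPRV:11 CPFM:03 SCEP:01 BDID:0E "
              "ECID:0000000000000000 IBFL:3C PWND:[constructed-marker]")
UNAFFECTED_A14 = "CPID:8101 CPRV:11 CPFM:03 SCEP:01 BDID:02 IBFL:3C"

if __name__ == "__main__":
    for sample in (CLEAN_A13, TAGGED_A12, UNAFFECTED_A14):
        print(triage(sample))
```

The serial string of a device in DFU mode is the iSerial value shown by `lsusb -v` on Linux or in System Information on macOS; a “PWND” marker on an affected chip means the device should be treated as having booted unsigned code.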
Practical Steps: Reducing Your Exposure and Planning Your Upgrade
If you use an iPhone with an A12 or A13 chip, you cannot eliminate the BootROM exploit with software, but you can reduce your real risk. First, treat physical security as your primary defense: keep your phone on you, avoid leaving it unlocked or unattended, and be cautious when handing it over at security checkpoints or repair shops. Use a long, unique passcode instead of a simple 4‑ or 6‑digit code, and enable Face ID or Touch ID to make casual access harder. Disable USB accessories when locked if your settings allow, limiting data access over the Lightning port; note that this setting is enforced by iOS, whereas the exploit runs in DFU mode before iOS loads, so it protects the data on a locked phone rather than blocking the BootROM flaw itself. High‑risk users such as journalists, activists, and executives should be especially wary of situations where devices could be held in DFU mode with a cable attached. Over the longer term, upgrading to an A14‑based or newer iPhone is the only way to permanently remove this hardware flaw.