usbliter8 iPhone Exploit: What It Is and Who's Affected

Last week, a European security research group called Paradigm Shift dropped something that rattled the iPhone security world. They published a working exploit — full proof-of-concept code and everything — for a flaw so deep inside certain iPhones that Apple literally cannot patch it. Not won’t patch it. Cannot. The bug is burned into the chip at the factory. Software updates cannot reach it.

The exploit is called usbliter8. It targets the BootROM — the very first code that runs the moment you press the power button on your iPhone — on devices with Apple’s A12 and A13 chips. That covers iPhone XS, iPhone XR, iPhone 11, iPhone SE second generation, and a bunch of iPad and Apple Watch models too. If you still have any of those, your device will carry this vulnerability for the rest of its life. No update will fix it. No restore will fix it. No iOS 27 will fix it. The bug is in silicon.

I spent a good chunk of last Thursday reading through their technical writeup and, honestly, some of it went over my head on first read. But I figured it out eventually and it’s actually a fascinating story about how one tiny mistake in a USB controller ends up breaking the most protected part of an iPhone.

What Is the BootROM and Why Does It Matter

So here’s some background that helps make sense of all this.

When you turn on your iPhone, it doesn’t just jump straight into iOS. There’s a whole chain of stuff that happens before you see the Apple logo. The very first thing that runs is called the BootROM, or SecureROM. This is a tiny piece of code burned directly into the chip during manufacturing. It’s read-only. Nobody can modify it after the chip leaves the factory — not Apple, not you, not anyone.

The job of the BootROM is to check that everything else loading up after it is legitimate Apple software. It verifies digital signatures. If something doesn’t match, it refuses to boot. This is the foundation of what Apple calls the “chain of trust” — everything builds on top of this one piece of verified, read-only code.

So if you can break the BootROM, you break the whole chain. You can run whatever code you want before iOS even starts. You can bypass signature checks. You can boot modified software. You can do things to the device that no software-level iOS update could ever touch or detect.

This is why BootROM exploits are such a big deal. And also why they’re so rare.
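To make the "foundation" idea concrete, here is a small C model of a boot-chain verifier. It is an added example written for this post, not code from Apple or from the Paradigm Shift writeup. It stands in for signature verification with a 64-bit FNV-1a digest (not a cryptographic check, chosen only so the example runs stand-alone with no dependencies), and the stage names and image bytes are constructed placeholders. What it demonstrates: each stage is vouched for by the one before it, so a patched iBoot is caught, but nothing ever checks stage 0, which is why whoever controls the ROM's code path controls the whole chain.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the signature check. FNV-1a is NOT a cryptographic hash; a
 * real BootROM verifies an RSA/ECDSA signature over the next image. It is
 * used here only so the example runs with no dependencies. */
static uint64_t fnv1a64(const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

typedef struct {
    const char    *name;
    const uint8_t *image;       /* the code of this stage */
    size_t         len;
    uint64_t       expect_next; /* digest this stage demands of the next one */
} stage_t;

/* Walk the chain from the root. Returns 0 if every stage is accepted,
 * otherwise the index of the first stage that fails. Note what is absent:
 * nothing ever verifies chain[0]. Its trustworthiness rests entirely on the
 * assumption that mask ROM cannot be altered. */
int verify_chain(const stage_t *chain, size_t n)
{
    for (size_t i = 0; i + 1 < n; i++) {
        uint64_t got = fnv1a64(chain[i + 1].image, chain[i + 1].len);
        if (got != chain[i].expect_next)
            return (int)(i + 1);
    }
    return 0;
}

/* Constructed placeholder images (not real firmware bytes). */
static const uint8_t rom_code[]    = "securerom-stand-in";
static const uint8_t iboot_good[]  = "iboot-apple-signed";
static const uint8_t iboot_evil[]  = "iboot-patched";
static const uint8_t kernel_code[] = "kernelcache-signed";

/* Boot with a given iBoot, under a root that enforces root_expects for it.
 * root_expects is the knob: in silicon it is fixed, but code execution inside
 * the ROM lets an attacker skip or redirect that compare, which is what this
 * parameter models. */
static int boot_with(const uint8_t *iboot, size_t iboot_len, uint64_t root_expects)
{
    stage_t chain[] = {
        { "SecureROM", rom_code,    sizeof rom_code,    root_expects },
        { "iBoot",     iboot,       iboot_len,          fnv1a64(kernel_code, sizeof kernel_code) },
        { "kernel",    kernel_code, sizeof kernel_code, 0 },
    };
    return verify_chain(chain, sizeof chain / sizeof chain[0]);
}

/* Intact root, genuine iBoot: accepted (returns 0). */
int boot_genuine(void)
{
    return boot_with(iboot_good, sizeof iboot_good, fnv1a64(iboot_good, sizeof iboot_good));
}

/* Intact root, patched iBoot: rejected at stage 1. This is the case every
 * software-level defence is designed for. */
int boot_tampered_iboot(void)
{
    return boot_with(iboot_evil, sizeof iboot_evil, fnv1a64(iboot_good, sizeof iboot_good));
}

/* Root under attacker control: the same patched iBoot is accepted, and the
 * kernel stage, which only trusts what iBoot vouches for, never notices. */
int boot_with_owned_root(void)
{
    return boot_with(iboot_evil, sizeof iboot_evil, fnv1a64(iboot_evil, sizeof iboot_evil));
}

int main(void)
{
    printf("genuine chain:   %d\n", boot_genuine());
    printf("tampered iBoot:  %d\n", boot_tampered_iboot());
    printf("root owned:      %d\n", boot_with_owned_root());
    return 0;
}
```

The third case is the whole story of a BootROM bug in one line: once the root's compare is under someone else's control, a later stage cannot tell a genuine chain from a forged one, because it only ever checks what the stage above it told it to check.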

The Technical Bit: A USB Controller With a Math Problem

The actual bug is in the BootROM's driver for the USB controller built into these chips. Specifically, it is in how that driver manages DMA, direct memory access, while the phone is in DFU mode.

DFU mode is Apple’s deep recovery mode. You use it when you need to do a full iPhone restore. In this mode, the USB controller is responsible for receiving data packets from a connected computer. It stores those packets in a memory buffer. This all sounds completely normal and boring until you look at exactly how it manages that buffer.

The driver keeps track of where in memory the next packet will be written through a register called DOEPDMA (the device OUT-endpoint DMA address register). After receiving four packets, it rewinds this register by subtracting a fixed 24 from its current value. Simple enough, except that the register is advanced by the amount of data actually received, not by a fixed amount per packet. Send packets smaller than the driver assumes and the bookkeeping no longer balances: the fixed decrement of 24 is larger than what was added, so every four packets the pointer moves a little further backward, and eventually the controller is DMAing attacker-supplied bytes into memory the buffer was never supposed to cover.
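A small C model of the arithmetic described above, added here and not taken from the writeup or its proof-of-concept. It keeps the two numbers the page gives (rewind after 4 packets, subtract 24) and assumes everything else: that the units are bytes, that the driver expected 24/4 = 6 bytes per packet (the only size at which the bookkeeping balances), and a 64-byte receive buffer. The register layout is a stand-in, not the real controller's. Alongside the vulnerable bookkeeping it shows the obvious fix, rewinding by the bytes actually consumed, and reports after which packet the DMA target first leaves the buffer, for undersized and oversized packets alike.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Numbers from the page: rewind after 4 packets by a fixed 24. Byte units,
 * the 6-byte "intended" packet size (24/4) and the 64-byte buffer are this
 * model's assumptions, not facts from the writeup. */
#define PKTS_PER_RESET   4u
#define RESET_DECREMENT  24u
#define BUF_BASE         0x10000u
#define BUF_SIZE         64u

typedef struct {
    uint32_t base;      /* start of the receive buffer */
    uint32_t limit;     /* one past its end */
    uint32_t doepdma;   /* stand-in for DOEPDMA: where the next packet lands */
    uint32_t consumed;  /* bytes received since the last rewind (fixed variant) */
    unsigned count;     /* packets received since the last rewind */
} out_ep_t;

static void ep_init(out_ep_t *ep)
{
    ep->base = BUF_BASE;
    ep->limit = BUF_BASE + BUF_SIZE;
    ep->doepdma = BUF_BASE;
    ep->consumed = 0;
    ep->count = 0;
}

/* Vulnerable bookkeeping: the hardware advances the address by the bytes it
 * actually wrote, while the driver rewinds by a constant that only matches
 * the intended packet size. Short packets leave a net backward step every
 * 4 packets; long packets leave a net forward step. */
static void rx_packet_vuln(out_ep_t *ep, uint32_t rxlen)
{
    ep->doepdma += rxlen;
    if (++ep->count == PKTS_PER_RESET) {
        ep->count = 0;
        ep->doepdma -= RESET_DECREMENT;
    }
}

/* Hardened bookkeeping: rewind by what was actually consumed, so the pointer
 * returns to base no matter how the host sizes its packets. */
static void rx_packet_fixed(out_ep_t *ep, uint32_t rxlen)
{
    ep->doepdma += rxlen;
    ep->consumed += rxlen;
    if (++ep->count == PKTS_PER_RESET) {
        ep->count = 0;
        ep->doepdma -= ep->consumed;
        ep->consumed = 0;
    }
}

/* Would a packet of rxlen bytes written at the current DOEPDMA stay inside
 * the buffer? (A real DMA engine performs no such check; that is the bug.) */
static bool next_write_in_bounds(const out_ep_t *ep, uint32_t rxlen)
{
    return ep->doepdma >= ep->base && ep->doepdma + rxlen <= ep->limit;
}

/* Signed offset of DOEPDMA from the buffer base after n packets of rxlen
 * bytes. Negative means the next packet is DMA'd to memory before the buffer. */
int32_t drift_after(uint32_t rxlen, unsigned n, bool hardened)
{
    out_ep_t ep;
    ep_init(&ep);
    for (unsigned i = 0; i < n; i++) {
        if (hardened)
            rx_packet_fixed(&ep, rxlen);
        else
            rx_packet_vuln(&ep, rxlen);
    }
    return (int32_t)((int64_t)ep.doepdma - (int64_t)ep.base);
}

/* 1-based index of the first packet whose DMA target leaves the buffer,
 * or 0 if none does within max_pkts packets. */
unsigned first_oob_packet(uint32_t rxlen, bool hardened, unsigned max_pkts)
{
    out_ep_t ep;
    ep_init(&ep);
    for (unsigned i = 1; i <= max_pkts; i++) {
        if (!next_write_in_bounds(&ep, rxlen))
            return i;
        if (hardened)
            rx_packet_fixed(&ep, rxlen);
        else
            rx_packet_vuln(&ep, rxlen);
    }
    return 0;
}

int main(void)
{
    printf("6-byte packets, vulnerable: drift after 40 = %d, first OOB = %u\n",
           drift_after(6, 40, false), first_oob_packet(6, false, 1000));
    printf("2-byte packets, vulnerable: drift after 40 = %d, first OOB = %u\n",
           drift_after(2, 40, false), first_oob_packet(2, false, 1000));
    printf("7-byte packets, vulnerable: drift after 40 = %d, first OOB = %u\n",
           drift_after(7, 40, false), first_oob_packet(7, false, 1000));
    printf("2-byte packets, hardened:   drift after 40 = %d, first OOB = %u\n",
           drift_after(2, 40, true), first_oob_packet(2, true, 1000));
    return 0;
}
```

With the page's constants, 2-byte packets pull the pointer 16 bytes backward per rewind, so the fifth packet already lands in front of the buffer; the host controls both the packet size and how many it sends, which is what turns a bookkeeping slip into a controlled write to a chosen address.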

Paradigm Shift’s team figured out they could exploit this to write data into completely wrong parts of memory. From there, on A12 chips, the memory layout made it relatively straightforward to get code execution. On the A13, Apple had added Pointer Authentication Codes as an extra defense, which gave the researchers a lot more headaches. They had to corrupt heap structures, manipulate an internal error counter to stop the phone from rebooting mid-attack, and then overwrite a USB interrupt handler to take control. Multi-step, messy, genuinely hard to pull off — but they got there.

The whole attack, once everything is set up, runs in under two seconds.

This Has Happened Before: The checkm8 Comparison

For anyone who was following iPhone security back in 2019, this story has a familiar shape.

In September 2019, a researcher going by axi0mX dropped checkm8 — a BootROM exploit that affected every iPhone from the 4S (A5 chip) through the iPhone X (A11 chip). Permanent, unpatchable, hardware level. The jailbreaking community went absolutely wild. Tools like checkra1n were built on top of it and worked reliably on those older devices for years. Forensic tools used by law enforcement started relying on it too.

checkm8 didn’t affect A12 and A13 chips though. Those were considered clean. But now usbliter8 picks up right where checkm8 left off, covering exactly the next generation of chips that checkm8 couldn’t touch. iPhone XS, XR, 11 — all of them now have their own permanent BootROM exploit.

The reason A11 chips escaped usbliter8 is kind of interesting. On A11, the USB driver resets memory addresses in a slightly different way that happens to prevent the attack path from working. A14 and newer chips are also fine, because Apple corrected the USB memory protection configuration going forward. It’s only A12 and A13 that ended up sitting in this weird gap — too new for checkm8, just old enough to have the misconfiguration that usbliter8 targets.

So if you have an iPhone X or older, you already had checkm8 to worry about. If you have an iPhone 12 or newer, you’re fine. But if you’re somewhere in that XS through 11 range? That’s now where usbliter8 lives, permanently.

What Attackers Can Actually Do With This

Okay so this sounds terrifying but let me be a bit more specific about what the exploit actually allows.

Once usbliter8 gets code execution in SecureROM, an attacker can boot unsigned iBoot images, meaning modified iOS that Apple never signed off on. They can lower the device's security settings. They can install a custom USB handler that stays resident for the rest of that boot session. Note that, exactly like checkm8, this is a tethered exploit: the ROM itself cannot be changed, so nothing the exploit does survives a power cycle, and it has to be re-run from DFU mode every time the device reboots. As a kind of signature, the exploit also writes "PWND" into the device's USB serial number, a tradition carried over from checkm8 and earlier exploits going back years.

What they cannot do, at least not directly: get into your photos, messages, or encrypted data. Apple's Secure Enclave Processor, the isolated coprocessor on the same chip that handles your passcode and the keys that protect your data, has its own separate boot chain and is not compromised by usbliter8. Your data, in theory, stays protected.

The Paradigm Shift team was upfront about one caveat though. They said that while usbliter8 doesn’t hit the Secure Enclave directly, breaking the application processor’s boot chain “opens wider attack vectors to compromise the Secure Enclave.” Which is honest of them but also a bit alarming to say out loud.

And there's one more thing that really matters here. This is not a remote attack. Not even slightly. To pull it off, you need physical access to the device, a USB cable, the device manually put into DFU mode, and a specific RP2350-based microcontroller board to run the exploit. Someone cannot hack your iPhone XR from across the internet using this. Your phone sitting in your pocket or on your desk is fine.

Every Device That’s Actually Affected

Before we get into who needs to worry, it’s worth being specific about the full list. Because it’s not just iPhones.

The A12 chip showed up in the iPhone XS, XS Max, and XR — all launched in 2018. The A13 is in the iPhone 11, 11 Pro, 11 Pro Max, and the second-gen iPhone SE from 2020. That’s a lot of devices still in active daily use. But usbliter8 also hits the S4 and S5 chips used in Apple Watch Series 4 and 5, and the first-generation Apple Watch SE. The iPad side is affected too: iPad Air 3rd generation, iPad mini 5th generation, and the 9th-generation iPad all run affected chips. Even the HomePod mini and second-generation Apple TV 4K are technically in scope here.

So it's actually a bigger surface area than just a couple of iPhone models. Paradigm Shift also noted that the A12X and A12Z, used in the 2018 and 2020 iPad Pro lineup, could theoretically be vulnerable to a similar attack, but they didn't implement support for those in their proof of concept. So that's still an open question as of now.

And again: every single one of those devices will carry this vulnerability forever. Not until the next iOS update. Forever.

Who Actually Has to Worry

For most people with an affected iPhone, the honest answer is: not much changes day to day.

An attacker needs to physically hold your phone, connect it to their own hardware, and put it into DFU mode, all without you being able to stop them. Those are significant requirements. This isn't the kind of bug criminals use in phishing attacks or spam campaigns.

But there are groups where this matters more. Law enforcement already uses tools like GrayKey and Cellebrite to extract data from iPhones. Those tools are constantly racing against Apple’s security updates. A reliable BootROM exploit makes forensic extraction much easier on affected devices, and that cuts both ways — it helps legitimate investigations but it also means a stolen phone in the right hands is more exposed than it was before.

For people in higher-risk situations — journalists, activists, lawyers dealing with sensitive work — the advice from Paradigm Shift is basically: upgrade to something with an A14 chip or newer. An iPhone 12 or later. The older hardware just has a hole that will never close.

Enterprise security teams with iPhones in sensitive roles need to think about this as a hardware retirement problem, not a software patch problem. You can’t install your way out of it.

The other group that has to think about this carefully is anyone whose device might get confiscated: at a border crossing, during a protest, or in any situation where your phone ends up in someone else's hands for a period of time. A strong passcode still matters because the Secure Enclave protects your encrypted data, but a compromised boot chain opens up possibilities we may not fully understand for months, as researchers dig into what usbliter8 enables beyond what Paradigm Shift showed in their initial release.

The Proof of Concept Is Already Public

One thing that makes this different from some security disclosures is that Paradigm Shift published the full proof-of-concept code on GitHub alongside their writeup on June 18, 2026. The GitHub repo picked up over 280 stars within just a few hours of going live. By the next morning it was being discussed on basically every security-focused forum and Discord server that pays attention to this stuff.

They coordinated with Apple Product Security before publishing, and Apple’s team apparently engaged well throughout the process. There’s no CVE assigned as of right now, and Apple has not released any security advisory — which makes sense, because there’s nothing they can say in an advisory except “we know, we cannot fix it, please upgrade.”

That’s actually an unusual position for Apple to be in. They’re very good at issuing rapid patches when serious iOS vulnerabilities surface. The whole ecosystem is built around the expectation that Apple will fix things. This is a situation where the fix just doesn’t exist. The advisory would be: buy a newer phone.

The jailbreaking community is already paying close attention. checkm8 took a while to turn into polished jailbreak tools: checkra1n needed roughly two months after checkm8 dropped in late September 2019 to become something normal people could use. But the jailbreaking community is more experienced now, and the research foundation from usbliter8 is already solid. usbliter8-based jailbreaks for iPhone 11 and XS are probably a matter of months away, not years.

What’s less clear is the forensics angle. checkm8 became a cornerstone of commercial iPhone forensics tools, used by police departments and intelligence agencies around the world. Those tools charge thousands of dollars per extraction. There’s no public indication yet that any commercial forensics company has usbliter8 support in the works, but given what checkm8 became, it seems like only a matter of time.

What Should You Do

If you have an iPhone XS, XR, or any iPhone 11 model, you haven’t suddenly become a target. The practical risk for everyday use is pretty low. But a few things are worth keeping in mind.

Don’t plug your phone into USB ports you don’t control. Airport charging stations, random computers, unfamiliar cables — these were already a bad idea in general. They’re a slightly worse idea now, though usbliter8 still needs DFU mode, which doesn’t trigger from just plugging in a charging cable. A random USB port at a café is not going to run this exploit on you.

Keep a strong passcode. This matters more than people usually think. Even if someone gets past the boot chain, the Secure Enclave is still enforcing the passcode that gates your encrypted data. A six-digit PIN is genuinely not enough anymore; use a longer alphanumeric passcode if you care about this.

If you’re in a situation where the physical security of your device matters — if you travel internationally, work with sensitive information, or are just the kind of person who thinks about these things — this is a reasonable prompt to consider upgrading. An iPhone 12 costs very little now compared to when it launched in late 2020. The A14 chip in that phone is not affected by usbliter8, and it won’t be.

And if you’re someone who was holding out on jailbreaking their iPhone 11 because nothing reliable existed, well. Watch that GitHub repo.

The bigger picture here is actually something worth thinking about. Hardware bugs are different from software bugs in one important way: you can’t patch your way out. Apple can push iOS 27, iOS 28, iOS whatever — none of it will ever reach the BootROM on an A12 or A13 chip. The same read-only property that makes the BootROM trustworthy in the first place is exactly what makes a vulnerability in it permanent. It’s not a flaw in Apple’s patch process. It’s just how chip security works.

usbliter8 is a reminder that at some point, every piece of hardware becomes a security liability. The iPhone XS launched just eight years ago and at the time had the best mobile chip security in the world. Now it has a hole that will never be fixed. That’s not a failure — that’s just how technology ages. At some point the only real answer is newer hardware, and for A12 and A13 devices, that point has arrived a little earlier than anyone expected.
