Researchers have told millions of iPhone owners there is no patch coming for a newly disclosed hardware vulnerability — only a new phone.
Security researchers at Paradigm Shift released a BootROM exploit, dubbed "usbliter8", that targets Apple's A12 and A13 processors found in the iPhone XS, XR, 11, and 11 Pro. The flaw lives in SecureROM — immutable code burned into silicon at the factory — making it impossible to fix with any iOS or firmware update. The only mitigation, the researchers said, is a newer device.
The root cause traces to a component Apple did not design itself. According to the researchers, the vulnerability sits in the Synopsys DesignWare USB controller that Apple licensed as part of its A12 and A13 chip designs. A flaw in how that IP block handles certain USB setup packets during Device Firmware Update (DFU) mode allows attackers to corrupt memory and ultimately seize control of SecureROM itself — the foundation of Apple's chain of trust on these devices.
The supply-chain origin distinguishes this from a typical Apple engineering mistake. Because the defective component was licensed from a third-party silicon vendor, the flaw is structurally baked into the hardware from the moment it leaves the factory. Apple cannot patch it without replacing the chip.
For most iPhone owners, the practical risk remains low. Exploitation requires physical access to the device and the ability to place it into DFU mode — a high bar that makes the exploit unsuitable for remote attacks or phishing campaigns. But for security researchers and forensic analysts, unpatchable BootROM flaws are a different kind of asset: they remain exploitable for the entire lifespan of the hardware, enabling work that outlasts every iOS update cycle.
Paradigm Shift's proof-of-concept demonstrates running unsigned code during the boot process, loading custom iBoot images without signature checks, and modifying DFU behavior. The researchers marked compromised devices with the string "PWND" — a marker familiar to the jailbreaking and forensic research communities. The parallel to the 2019 checkm8 disclosure, which targeted A5 through A11 devices, is explicit in the research community's framing of the work.
Not every iPhone generation is affected. Apple's A11 chips use a different USB implementation and are not vulnerable to this attack path. A14 and later hardware appears to have addressed the underlying conditions that make the exploit possible.
Apple had not commented at the time of publication.
Apple declined to comment.