Security researchers have released a working exploit called ‘usbliter8’ that targets a hardware-level vulnerability in Apple’s A12 and A13 chips, achieving arbitrary code execution within the SecureROM — the foundational boot code burned permanently into the silicon. Because the flaw exists in read-only memory, Apple cannot patch it via software updates. The attack requires physical USB access to the device, but any affected device remains permanently vulnerable for its operational lifetime.

Security Architect’s Take: Review your organisation’s mobile device and endpoint policies for any iPhone XS, XR, or equivalent A12/A13-era devices used to access cloud management consoles, VPNs, or sensitive SaaS platforms. Consider accelerating refresh cycles for these devices and enforcing compensating controls such as conditional access policies that factor in device hardware generation.

Original advisory: Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain