Usbliter8 Exploit Targets Apple SecureROM in Older iPhones, iPhone XS–11

Written by: Lore Apostol, Cybersecurity Writer
Key Takeaways
  • SecureROM Targeted: Usbliter8 BootROM exploit affects iPhones and Apple Watch devices.
  • Physical Access: The exploit chains a USB controller bug and a device firmware configuration weakness, requiring physical USB access to the target.
  • Unpatchable Flaw: Because the code is immutable, the flaw cannot be patched via software.

A new exploit for an unpatchable Apple SecureROM flaw was discovered. The exploit, dubbed Usbliter8 by cybersecurity researchers, chains two flaws to trigger an out-of-bounds write, letting an attacker overwrite critical memory, escalate privileges, and execute arbitrary code with full system privileges.

Cybersecurity company Paradigm Shift published proof-of-concept (PoC) code, reviving concerns about hardware-level flaws permanently hardcoded into Apple's silicon.

How the Usbliter8 Exploit Works

Usbliter8 chains a USB controller bug with a device firmware configuration weakness, the report said. Conducting an attack requires physical USB access, with the attacker connecting a microcontroller board such as a Raspberry Pi Pico 2 and sending crafted USB setup packets. 

A proper Setup transaction consists of two packets sent by the host | Source: Paradigm Shift
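As an added illustration (not code from the Paradigm Shift report, which does not describe the bug's internals), the decoder below shows what the 8-byte setup stage of the control transfer pictured above contains, and the kind of bounds check a device-side USB stack must apply to the host-supplied wLength before using it as a copy length. The control buffer size and the two sample packets are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* 8-byte setup stage of a USB control transfer (USB 2.0 spec, section 9.3).
 * Standard field layout; this decoder is an added example, not report code. */
typedef struct {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;
} usb_setup_t;

/* Hypothetical device-side control buffer size (assumption, not from the report). */
#define CTRL_BUF_SIZE 64u

/* Decode the little-endian setup bytes; return 0 on success, -1 if too short. */
int usb_setup_decode(const uint8_t *pkt, size_t len, usb_setup_t *out) {
    if (pkt == NULL || out == NULL || len < 8) return -1;
    out->bmRequestType = pkt[0];
    out->bRequest      = pkt[1];
    out->wValue  = (uint16_t)(pkt[2] | (pkt[3] << 8));
    out->wIndex  = (uint16_t)(pkt[4] | (pkt[5] << 8));
    out->wLength = (uint16_t)(pkt[6] | (pkt[7] << 8));
    return 0;
}

/* Accept a host-to-device setup stage only if the announced data stage fits
 * the control buffer: wLength is host-controlled and must never be trusted
 * as a copy length. Returns 1 = accept, 0 = stall the endpoint. */
int usb_setup_accept(const usb_setup_t *s) {
    int host_to_device = (s->bmRequestType & 0x80) == 0;
    if (host_to_device && s->wLength > CTRL_BUF_SIZE) return 0;
    return 1;
}

/* Constructed sample: standard GET_DESCRIPTOR(DEVICE), wLength 18 (benign). */
static const uint8_t k_get_desc[8]  = {0x80, 0x06, 0x00, 0x01, 0x00, 0x00, 0x12, 0x00};
/* Constructed sample: host-to-device vendor request announcing a 4096-byte data stage. */
static const uint8_t k_oversized[8] = {0x40, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10};

/* Decode then validate one packet: 1 accept, 0 stall, -1 malformed. */
int check_packet(const uint8_t *pkt, size_t len) {
    usb_setup_t s;
    if (usb_setup_decode(pkt, len, &s) != 0) return -1;
    return usb_setup_accept(&s);
}

int main(void) {
    printf("GET_DESCRIPTOR: %d\n", check_packet(k_get_desc, 8));   /* 1 */
    printf("oversized:      %d\n", check_packet(k_oversized, 8));  /* 0 */
    return 0;
}
```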

The report says Apple's signature checks are bypassed, enabling code execution at the device's lowest level before the OS loads. The affected devices were all released in 2018 and 2019.

Apple's Secure Enclave Processor (SEP), which protects user data, is not directly compromised. However, Paradigm Shift noted the exploit opens up wider attack vectors to compromise the Secure Enclave.

Mitigation and Apple's Response

Because SecureROM is immutable, the vulnerability cannot be fixed with a software update, so migrating to newer hardware is the most effective mitigation. 

Apple confirmed that iPhone, iPad, and Watch devices with A14/S6 or newer chips and Macs are not affected and that user data cannot be directly accessed via the exploit, which does not bypass data protection mechanisms. 

While Paradigm Shift reported its findings to Apple before public disclosure, Apple noted that the vulnerability had been fixed years earlier in its newer devices.

In April, Apple released fixes for a bug exposing deleted chat messages via logged notifications and the DarkSword iOS exploit. In March, a newer version of the DarkSword iPhone spyware exploit kit leaked on GitHub, and the Coruna iPhone hacking tool began to be used widely by cybercriminals. 
