Paradigm Shift's usbliter8 Exploit Breaks Apple A12/A13 SecureROM
TL;DR
- Paradigm Shift published usbliter8 on June 18, 2026, exploiting a Synopsys DWC2 USB controller flaw to run arbitrary code in Apple's A12 and A13 SecureROM.
- The exploit requires physical device access, DFU mode, and an RP2350-based microcontroller board, completing in under two seconds.
- The flaw is burned into silicon and cannot be patched; affected devices span iPhone XS through iPhone 11, iPad, Apple Watch, and HomePod mini.
Most security vulnerabilities come with an eventual fix, even if the patch takes months to ship. The exploit that security researchers at Paradigm Shift published on June 18, 2026 does not have that trait. Dubbed usbliter8, it achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips, and as The Hacker News reports, the code it targets is burned into the silicon at manufacture. No software update can reach it.
The root cause is a hardware flaw in the Synopsys DWC2 USB controller, one that creates a repeatable buffer underflow stepping the write pointer backwards through memory 12 bytes at a time. Exploitation is not remote: it requires physical possession of the device in DFU mode, connected via USB to a dedicated RP2350-based microcontroller board. With that setup, the exploit finishes in under two seconds, before Apple's signed boot chain loads. From there, an attacker can temporarily demote the SoC's production mode or boot a raw, unsigned iBoot image, as documented in Paradigm Shift's proof of concept, stepping outside Apple's chain of trust entirely.
The affected device range is broad: the iPhone XS, XS Max, and XR; the iPhone 11, 11 Pro, and 11 Pro Max; the iPhone SE (2nd generation); the iPad Air 3rd gen, iPad mini 5th gen, and iPad 8th gen; Apple Watch Series 4 and 5; the first-generation Apple Watch SE; and HomePod mini.
The honest caveat is that the research does not clarify whether post-exploitation reaches the Secure Enclave Processor and encrypted user data, or only the application processor boot chain. Those are very different threat levels, and the distinction matters enormously for assessing real-world risk. The reporting also does not include any substantive Apple response beyond the coordinated disclosure acknowledgment, and it does not say whether MDM-level restrictions on DFU mode can serve as a mitigation for managed enterprise fleets.
For jailbreak communities, this is a durable, hardware-rooted entry point across a large installed base that survives any future software update. For enterprises carrying older Apple devices, the threat model for lost or stolen hardware has changed in a way that cannot be resolved by pushing a patch.
Originally reported by The Hacker News
Original headline: Unpatchable 'USBLiteR8' Exploit Achieves Arbitrary Code Execution in Apple A12/A13 SecureROM via Synopsys USB Controller Bug