Usbliter8 is a BootROM exploit disclosed by Paradigm Shift that affects iPhones with A12 and A13 chips (e.g., iPhone XS, XR, 11) and Apple Watches with S4 and S5 chips. It exploits a USB controller bug and device firmware configuration weakness in Apple's SecureROM, which is immutable hardware code forming the root of the secure boot chain. The exploit triggers an out-of-bounds write via crafted USB setup packets sent through a connected microcontroller device, enabling privilege escalation and arbitrary code execution at the lowest device level before the OS boots. This bypasses Apple's signature verification, allowing loading of unsigned firmware or lowering device security. The Secure Enclave Processor remains uncompromised directly, but the exploit broadens potential attack vectors against it. The vulnerability is unpatchable by software updates due to its hardware nature. The exploit requires physical USB access and specialized hardware. A proof-of-concept has been released. Apple has not issued a public response or patch.

The exploit allows attackers with physical USB access to gain full control over the device's processor at boot level, bypassing Apple's secure boot protections and signature checks. This enables loading of unsigned firmware and lowering of device security settings. Although user data and the Secure Enclave Processor are not directly compromised, the exploit expands attack possibilities against device security. The vulnerability affects millions of devices with A12/A13 chips and cannot be mitigated by software updates, leaving affected devices permanently vulnerable to this class of hardware attack. The exploit is not remotely executable and requires physical access with specialized USB hardware.

No software patch or update can remediate this hardware-level vulnerability. Since the exploit requires physical USB access, limiting physical access to devices is the primary mitigation. Users and organizations should be aware that affected devices remain vulnerable indefinitely. Apple has not provided an official fix or mitigation guidance. Monitor official Apple advisories for any future updates. For forensic or security professionals, awareness of this exploit is critical when handling affected devices.