USBLITER8: Apple SecureROM BootROM Exploit Analysis

On June 18, 2026, security research firm Paradigm Shift published "usbliter8" — a novel BootROM exploit targeting Apple's A12 and A13 SoCs, along with S4 and S5 chips used in Apple Watch. The exploit leverages two compounding weaknesses: a hardware bug in the Synopsys DWC2 USB controller and a firmware configuration flaw in which USB DART is configured in bypass mode on affected SoCs. Together, these allow an attacker to corrupt SRAM via crafted USB packets in DFU (Device Firmware Update) mode, ultimately gaining EL1-privileged code execution before iOS ever loads. Because these vulnerabilities reside in immutable BootROM code burned into silicon at manufacture, no software update can address them. Paradigm Shift reported their findings to Apple Product Security prior to publication; as of June 19, 2026, no CVE had been assigned and no in-the-wild exploitation had been reported.