the wire · #gadgets · 2026-06-18
New unpatchable exploit targets Apple devices with A12 and A13 chips
Cech Tech Reviews

Researchers at Paradigm Shift have dropped a significant bombshell in the mobile security community. They published the technical details of usbliter8, a new vulnerability that targets the very foundation of Apple's hardware security. This is not just another app-level bug. It is a deep-seated issue within the BootROM of devices powered by Apple’s A12 and A13 chips.
The most alarming aspect of this discovery is its permanence. Unlike typical software bugs that can be squashed with a quick iOS update, this flaw resides in read-only memory. As a result, it cannot be patched through standard means. Once the hardware is manufactured with this flaw, it remains vulnerable for the entire lifespan of the device. There is no software fix that can reach into the silicon and repair the defect.
This vulnerability enables arbitrary code execution on the affected devices. In practical terms, this gives an attacker the keys to the kingdom. They can run any code they choose, bypassing the strict sandboxing that Apple is famous for. This level of access allows for complete control over the device, including the ability to read encrypted data or install persistent malware that survives factory resets.
The scope of this issue is substantial. The A12 and A13 chips power a wide range of popular devices. This includes the iPhone XS, XR, 11, and 12 series, as well as various iPad models. Millions of users are potentially exposed to this risk. The longevity of these devices means that many people are still using them as their primary daily drivers.
This situation highlights a growing tension in the tech industry. As hardware becomes more complex, the attack surface for permanent vulnerabilities expands. Software companies often rely on the assumption that they can patch issues remotely. When that assumption breaks down due to hardware-level flaws, the security model of the entire ecosystem is called into question.
For enterprise users and privacy-conscious individuals, this is a wake-up call. You can no longer assume that your device is secure just because it is running the latest version of iOS. The hardware itself may have inherent weaknesses that no amount of software diligence can correct. This shifts the burden of security back onto physical possession and careful usage habits.
What this means for you: Since you cannot patch this flaw, your best defense is operational security. Avoid connecting your device to untrusted computers or public charging stations that could exploit this BootROM vulnerability. If you are using an A12 or A13 device for sensitive work, consider keeping it offline when not in active use. You can try this workflow with an AI assistant to audit your digital footprint: Ask your AI tool to generate a checklist of physical security best practices for mobile devices, focusing on scenarios where the device is unattended or connected to unknown peripherals.
Reporting basis: original story