USB exploit breaks Apple A12 and A13 chips forever
A team of security researchers has just demonstrated that a single USB cable can silently take control of Apple’s A12 and A13 processors—permanently. The exploit, named usbliter8, executes malicious code inside the chips’ SecureROM, the immutable boot code burned into silicon at the factory. Because SecureROM cannot be patched by Apple’s software updates, every iPhone, iPad, or other device powered by these chips now carries an unpatchable flaw that persists for the lifetime of the hardware.
A crack in the first line of defense
SecureROM is the first gatekeeper that verifies a device’s operating system before it can boot. By gaining a foothold there, an attacker can sidestep iOS security measures and load unsigned firmware, effectively turning a locked-down device into an open platform. The researchers emphasize that the attack is not remote: it requires physical access and a connected USB device, but once plugged in, the exploit runs with no user interaction or additional permissions.
What it means for users and the industry
Apple’s A12 and A13 chips debuted in 2018 devices such as the iPhone XS and iPad Pro. With millions still in daily use, the flaw widens the window for sophisticated attacks—perhaps during repair, inspection, or temporary access. Unlike software bugs that Apple can fix with a patch, this vulnerability is etched into the hardware. The only practical mitigations are avoiding untrusted USB peripherals or disabling data transfer when the device is unattended. For now, the discovery underscores a growing reality: as chips age, their immutable code can become the weakest link in an otherwise secure ecosystem.
Source: The Hacker News. AI-assisted editorial synthesis — TechnoExpress.