Unpatchable iPhone BootROM Flaw Hits Phones From XS to iPhone 11

Paradigm Shift, a Barcelona cybersecurity firm, has disclosed an unpatchable iPhone BootROM vulnerability affecting older Apple devices, one that cannot be fixed with a software update. The firm published technical details and a working proof of concept for the exploit, which it calls usbliter8, on Friday. The flaw sits in the Boot ROM, the first code that runs when an iPhone starts up, and gives anyone with physical access to the phone a way to seize control of the boot process.

The exploit targets Apple’s A12 and A13 chips, the silicon that powers the iPhone XS, XR, and iPhone 11 family, plus the Apple Watch Series 4 and 5, the first-generation Watch SE, the iPad Air 3, iPad mini 5, iPad 8 and 9, the second-generation iPhone SE, the second-generation Apple TV 4K, and the Studio Display. Cellebrite and Magnet Forensics, two of the larger digital forensics firms, have long sold access tools that use comparable techniques to law enforcement and intelligence agencies, TechCrunch reports, and the public write-up gives those tools a published technical reference for the first time.

What Paradigm Shift Just Published

Paradigm Shift is a small Barcelona outfit that sells offensive security work to governments and to the kind of customers who need to break into locked phones. On Friday the company published the full usbliter8 write-up as a long technical post, alongside a proof-of-concept project on GitHub that hit more than 280 stars within hours of going live, according to 9to5Mac. The disclosure is the first public BootROM write-up of its kind for the A12 and A13 generation; the flaw itself requires physical access to exploit.

The write-up names the flaw usbliter8 and credits the research to the Paradigm Shift team. It explains that the bug lives in the USB controller built into Apple’s A12 and A13 system-on-chips, the same Synopsys DesignWare USB 2.0 controller that ships in many mobile processors. The 9to5Mac report on the disclosure lists the full set of affected devices, broken out by the chip inside. Paradigm Shift added that technical support for the A12X and A12Z variants is possible but not currently implemented, which would extend the list to the 2018 and 2020 iPad Pro lineups.

Chip   Affected devices
A12    iPhone XR, iPhone XS, iPhone XS Max, iPad Air 3, iPad mini 5, iPad 8, Apple TV 4K (2nd generation)
S4     Apple Watch Series 4
S5     Apple Watch Series 5, Apple Watch SE (1st generation), HomePod mini
A13    iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone SE (2nd generation), iPad 9, Studio Display

The company did not respond to a list of questions sent by TechCrunch. The disclosure was coordinated with Apple Product Security before publication, 9to5Mac reports, and Apple’s security team engaged constructively in the process. Apple has, in past BootROM incidents, chosen to thank researchers privately rather than issue a public advisory when the affected hardware cannot be patched.

Why No Software Update Can Fix It

The Boot ROM is the very first piece of code that runs when an iPhone powers on. It is stored as immutable code burned into the chip at the factory, and it cannot be modified, replaced, or patched once the device ships. Any bug that lives in the Boot ROM stays in the Boot ROM, on every device built around that chip, for the life of the hardware. That is the part that makes any BootROM vulnerability, including usbliter8, unfixable in software, and it is the reason Paradigm Shift’s own write-up points users toward buying newer hardware rather than waiting for a fix.

The flaw is a buffer underflow in the USB controller, a primitive that lets an attacker send specially crafted data over USB and have it written into parts of memory the controller was never meant to touch. The controller stores up to three USB Setup packets in memory, then resets its pointer after a fourth, but the reset does not line up with how the pointer advances, leaving a 12-byte gap that can be walked backwards into adjacent code. From there, an attacker can overwrite a return address on the USB task’s stack and steer execution to their own code before iOS ever loads. Paradigm Shift confirmed that A14 and later Apple chips configure the USB DART correctly, which closes the primitive on newer hardware.
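A small constructed model of the bug class this paragraph describes, added here as an example and not taken from Paradigm Shift’s write-up or from Apple’s Boot ROM: a three-slot packet buffer whose wrap path assumes a different stride than the one the pointer actually advances by, so the pointer goes negative and a store lands before the start of the buffer, beside a version whose wrap is derived from the same stride and bounds-checked before every copy. The slot count, the 12-byte stride and the sample Setup packet are made up for the demonstration and do not reflect the real controller layout, which the article does not describe in that detail. The out-of-range offset is counted rather than written so the program runs without undefined behaviour.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define SETUP_PKT_LEN 8          /* a USB Setup packet is always 8 bytes */
#define SLOTS         3          /* model: the controller buffers three packets */
#define BUF_LEN       (SLOTS * SETUP_PKT_LEN)
#define WRONG_STRIDE  12         /* constructed: the buggy wrap path assumes a 12-byte stride */

/* Model of the controller's packet buffer. The guard regions stand in for
 * whatever sits next to the buffer; the demo never writes into them. */
typedef struct {
    uint8_t guard_before[BUF_LEN];
    uint8_t slots[BUF_LEN];
    uint8_t guard_after[BUF_LEN];
    int     write_ptr;    /* byte offset in slots where the next packet lands */
    int     packets;      /* packets stored so far */
    int     oob_writes;   /* stores whose offset fell outside slots */
} ctrl_t;

/* Constructed sample: a standard GET_DESCRIPTOR(Device) Setup packet. */
static const uint8_t SAMPLE_SETUP[SETUP_PKT_LEN] = {
    0x80, 0x06, 0x00, 0x01, 0x00, 0x00, 0x40, 0x00
};

static int offset_in_bounds(int off) {
    return off >= 0 && off + SETUP_PKT_LEN <= BUF_LEN;
}

/* Buggy variant: the pointer advances by the real packet length, but the
 * wrap path subtracts SLOTS * WRONG_STRIDE, so after three stores the
 * pointer sits at -12 and the fourth packet would land before the buffer. */
static int store_buggy(ctrl_t *c, const uint8_t pkt[SETUP_PKT_LEN]) {
    int off = c->write_ptr;
    int ok = offset_in_bounds(off);
    if (ok)
        memcpy(c->slots + off, pkt, SETUP_PKT_LEN);
    else
        c->oob_writes++;               /* real hardware would simply write here */
    c->write_ptr += SETUP_PKT_LEN;
    if (++c->packets % SLOTS == 0)
        c->write_ptr -= SLOTS * WRONG_STRIDE;   /* 24 - 36 = -12 */
    return ok;
}

/* Hardened variant: the wrap is derived from the same stride as the
 * advance, and the offset is still bounds-checked before every copy. */
static int store_safe(ctrl_t *c, const uint8_t pkt[SETUP_PKT_LEN]) {
    int off = c->write_ptr;
    if (!offset_in_bounds(off)) {      /* unreachable with a correct wrap; fail closed */
        c->oob_writes++;
        c->write_ptr = 0;
        return 0;
    }
    memcpy(c->slots + off, pkt, SETUP_PKT_LEN);
    c->packets++;
    c->write_ptr = (off + SETUP_PKT_LEN) % BUF_LEN;
    return 1;
}

/* Feed n copies of the sample packet through one variant and return how
 * many stores fell outside the buffer. */
static int oob_after(int use_safe, int n) {
    ctrl_t c;
    memset(&c, 0, sizeof c);
    for (int i = 0; i < n; i++)
        (use_safe ? store_safe : store_buggy)(&c, SAMPLE_SETUP);
    return c.oob_writes;
}

/* Same sequence, returning the offset where the next packet would land. */
static int ptr_after(int use_safe, int n) {
    ctrl_t c;
    memset(&c, 0, sizeof c);
    for (int i = 0; i < n; i++)
        (use_safe ? store_safe : store_buggy)(&c, SAMPLE_SETUP);
    return c.write_ptr;
}

int main(void) {
    for (int n = 1; n <= 6; n++)
        printf("%d packets: buggy oob=%d next=%d | safe oob=%d next=%d\n",
               n, oob_after(0, n), ptr_after(0, n), oob_after(1, n), ptr_after(1, n));
    return 0;
}
```

The buggy variant is well behaved for the first three packets and only misbehaves on the wrap, which is why such mismatches survive functional testing: every store that a normal enumeration sequence performs lands in bounds, and only an unusual count of Setup packets exposes the negative offset.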

Who Already Has This Capability

Digital forensics firms like Cellebrite and Magnet Forensics have long used techniques similar to the new exploit to access iPhones seized from suspects, TechCrunch reports, and Cellebrite’s own iOS 26 access testing workflow shows where the industry sits in 2026. The public write-up gives those tools a published technical reference for the first time.

Government customers who pay per unlock, or per year, for these tools now have a public document that matches the marketing pitch. Researchers and hobbyists, the people who build and maintain iPhone jailbreaks, also gain. Public iOS jailbreaks have become rare in the last decade because the bugs that enable them are valuable and worth selling instead of publishing, and a documented BootROM exploit with a working proof of concept could become the foundation for a new generation of jailbreaks the way the 2019 checkm8 exploit did for older iPhones.

  • 2018, 2019: years the affected A12 and A13 chips were released
  • 4 generations: A12, S4, S5, and A13 are all in scope
  • 280+ stars: GitHub stars the proof-of-concept picked up within hours
  • 6+ years: how long the unpatchable flaw will outlive the oldest device in the list

The wider effect lands on second-tier researchers and the digital forensics industry. That the disclosure came from an offensive security firm rather than a lone researcher signals where the demand sits: in the small set of companies that sell phone-unlocking systems to law enforcement, intelligence agencies, and border agencies around the world.

The checkm8 Parallel

In 2019, an independent security researcher published checkm8, a separate unpatchable BootROM exploit that targeted A11 and earlier Apple chips. Checkm8 became the foundation for checkra1n and a handful of other jailbreak tools that still work on older iPhones and iPads today. The pattern was a public BootROM bug paired with a community of tinkerers, which produced a long-lived jailbreak scene for hardware Apple had otherwise locked down.

The new exploit sits in the same shape, one chip generation up. The technical details differ, the affected chips differ, and the researchers are a different team, but the business model looks familiar. Researchers, some independent and some under contract for digital forensics firms, are likely to spend the next several months building a public jailbreak for the iPhone XS, XR, and 11 family on top of the new primitive. The fact that the PoC is already on GitHub, public and ready to fork, suggests that work has already started.

The bigger point is what the 2019 exploit did not do, and what the new one does not do either: neither gives attackers a remote way into an iPhone. Both require a USB cable and physical access to the device, which keeps the threat surface for ordinary users small and concentrates the real risk on people whose phones might be taken from them at a border crossing or in detention.

What Apple Said and What Users Should Do

Apple has not issued a public statement on the new exploit in the first 24 hours after disclosure. The 9to5Mac report on the disclosure says the Paradigm Shift team coordinated the release with Apple Product Security before publishing and that Apple’s security team engaged constructively in the process. Apple has, in past BootROM incidents, thanked researchers privately rather than issuing a public advisory when the affected hardware cannot be patched.

As these vulnerabilities reside in immutable code, affected users should be aware that migrating to newer hardware remains the most effective mitigation.

That sentence is the closing line of Paradigm Shift’s write-up on the vulnerability. For users who cannot migrate, the realistic options are limited. Apple is still shipping software updates for the iPhone 11 family, and iOS 27 keeps the iPhone 11 supported, though that support does not change the BootROM calculus. The Secure Enclave that handles passcode and biometric checks is not directly compromised by the exploit, which limits what an attacker can pull off even with a working unlock. Restricting physical access to the device is the other practical step; it applied after the 2019 exploit and applies again now.

Frequently Asked Questions

What is usbliter8?

Usbliter8 is a BootROM vulnerability in Apple’s A12, S4, S5, and A13 system-on-chips. The bug lives in the USB controller and lets a person with physical access to the device run their own code before iOS loads. It is the second unpatchable BootROM exploit to hit Apple silicon in seven years, after checkm8 in 2019.

Which iPhones are affected by usbliter8?

The iPhone XS, iPhone XS Max, iPhone XR, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, and the second-generation iPhone SE all sit on the affected chips. Apple Watch Series 4 and 5, the first-generation Apple Watch SE, the iPad Air 3, iPad mini 5, iPad 8 and 9, the second-generation Apple TV 4K, and the Studio Display are also on the list. No iPhone 12 or later device is affected.

Can Apple fix usbliter8 in a software update?

No. The flaw lives in the Boot ROM, the first code that runs when the device powers on, and is burned into the silicon at the factory. The only way to remove it is to ship hardware with a later chip generation, starting with the A14 used in the iPhone 12 family.

Can usbliter8 be used to hack an iPhone remotely?

No. The attack requires plugging a USB cable directly into the device while it is in DFU mode. It is not a remote code execution bug and it does not travel over Wi-Fi, cellular, or the internet.

What should owners of an iPhone 11 or older Apple device do?

The most effective option is to move to a device that uses an A14 or later chip, which is not vulnerable. If that is not possible, keep the device physically secure, use a strong alphanumeric passcode, and remember that the Secure Enclave that protects passcodes and biometric data is not directly compromised by the exploit.
