Unpatchable usbliter8 exploit breaks SecureROM
🔒 Security researchers at Paradigm Shift published a working exploit called usbliter8 that achieves arbitrary code execution inside the SecureROM of Apple A12 and A13 SoCs. The flaw is a hardware bug in the Synopsys DWC2 USB controller and cannot be fixed by software updates, making affected devices permanently vulnerable. Exploitation requires physical possession, DFU mode, and a dedicated microcontroller; the public proof-of-concept and write-up were released on June 18, 2026 following coordinated disclosure.
