What does 'Boot ROM' mean and why is it unpatchable?

The Boot ROM is a tiny, read-only piece of memory in the chip that contains the very first instructions an iPhone runs when it starts up. Because it's 'read-only' and permanently etched into the hardware, it's impossible to change it with a software update. This makes any flaw in it permanent for that hardware.

Does this flaw allow remote hacking of my iPhone?

No, the exploit requires physical access to your iPhone. It cannot be launched remotely over the internet or through a malicious app. An attacker would need to have your device in their hands to exploit this vulnerability.

What are the risks of this vulnerability for an average user?

For most users, the risk is low due to the physical access requirement. However, if your iPhone were confiscated by authorities or stolen by a determined attacker, this flaw could make it easier for them to jailbreak the device and potentially access its data, even if it's locked.

What is Apple's response to this flaw?

As of now, Apple has not made a public statement regarding this specific unpatchable hardware flaw. The company typically does not comment on security issues until patches are available, which is not possible for a Boot ROM vulnerability.

Image: courtesy of TechCrunch

techJune 23, 2026By Veridact EditorialUpdated Jun 23

Unpatchable Hardware Flaw Opens Older iPhones to Permanent Jailbreak Risk

Security researchers have revealed an unpatchable hardware vulnerability within Apple's A12 and A13 chips, which powers iPhones up to the iPhone 11. This flaw, dubbed 'usbliter8,' resides in the Boot ROM, a foundational part of the device's startup sequence, meaning it cannot be fixed through software updates. While requiring physical access to the device, the exploit allows for a permanent jailbreak and opens avenues for advanced data extraction by forensics specialists. Apple has not yet publicly addressed this specific security issue.

Implications

This report details the newly disclosed hardware flaw affecting Apple's A12 and A13 chips, explaining why it is considered 'unpatchable' and what that means for device security. It will explore the technical specifics of the Boot ROM vulnerability, the historical context of similar exploits, and the implications for both average iPhone users and specialized government or forensic agencies. We will also examine Apple's typical response to security issues and the challenges this particular hardware-based vulnerability presents to that established approach.

Background

A new hardware vulnerability, identified as 'usbliter8,' has been discovered in Apple's A12 and A13 system-on-a-chip (SoC) designs. These chips are found in a range of older iPhone models, specifically from the iPhone XR, iPhone XS, and iPhone XS Max, up to the iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max. The flaw is located in the Boot ROM, a critical piece of read-only memory that initiates the device's startup process. Because the Boot ROM is embedded directly into the chip's hardware during manufacturing, it cannot be altered or updated once the device has shipped. This makes the vulnerability 'unpatchable' by conventional software updates.

The exploit requires physical access to the iPhone to be activated, meaning a remote attack is not possible. However, once exploited, it allows for a permanent jailbreak, which grants users deep access to the device's operating system, bypassing Apple's security restrictions. Security researchers from Paradigm Shift are credited with discovering this specific Boot ROM vulnerability. While the flaw itself does not directly compromise the Secure Enclave – Apple's dedicated hardware component for protecting sensitive data like biometric information and encryption keys – researchers suggest it could create wider attack vectors that might eventually compromise it.

Precedents

This 'usbliter8' vulnerability shares characteristics with a previous, well-known Boot ROM exploit called 'checkm8,' which affected older Apple devices using A5 to A11 chips. The 'checkm8' exploit, released in 2019, similarly allowed for an unpatchable jailbreak due to its hardware-level nature. The recurrence of such a fundamental hardware flaw highlights a persistent challenge for Apple: once a Boot ROM vulnerability is exposed, it creates a permanent opening in the security of affected devices.

Apple's general strategy for security vulnerabilities has historically been to release rapid software patches, often without much public comment until a fix is available. This approach works effectively for software-based flaws, which can be addressed through iOS updates. However, for hardware-level issues like those affecting the Boot ROM, this strategy is fundamentally challenged. The company cannot issue a software update to rewrite a physical chip. Instead, Apple's response to these types of unpatchable flaws has often involved encouraging users to upgrade to newer hardware, which incorporates patched or redesigned chips.

The discovery of an unpatchable hardware flaw in a range of widely used iPhones is significant for several reasons. For average users, it means that devices up to the iPhone 11 will always carry this inherent vulnerability, regardless of how many software updates Apple releases. While the need for physical access mitigates immediate widespread remote attacks, it drastically lowers the security barrier for targeted attacks, particularly those involving forensic data extraction or industrial espionage.

For Apple, this flaw represents a rare breach in its tightly controlled security ecosystem. The company prides itself on robust device security, and an unpatchable hardware flaw undermines that perception, especially as it affects devices that are still very much in active use. It also creates a strategic dilemma: how to address a vulnerability that cannot be fixed by its usual methods.

Perhaps the most immediate impact will be felt within the digital forensics and government surveillance sectors. Companies specializing in extracting data from mobile devices will likely integrate this exploit into their toolkits. This could empower law enforcement agencies and other entities to access data on locked, physically seized iPhones that were previously impenetrable, raising complex questions about privacy, digital rights, and the balance between security and surveillance.

Scenarios

Analysis

Several potential outcomes could unfold following the disclosure of this unpatchable flaw:

One outcome is that Apple may continue its policy of not publicly commenting on security issues until a patch is available. Since a software patch for this hardware flaw is impossible, Apple might choose to remain silent on the specific Boot ROM vulnerability, implicitly pushing users towards newer, unaffected devices through their regular upgrade cycles. This approach would avoid drawing more attention to a problem they cannot directly solve with software.

Another possibility is that the security research community, alongside companies specializing in mobile forensics, will further develop and refine tools based on the 'usbliter8' exploit. This could lead to more sophisticated methods for jailbreaking affected iPhones and extracting data, potentially expanding the capabilities of these tools beyond simple data access to deeper system manipulation, even if it still requires physical device access.

A third scenario involves heightened pressure from privacy advocates and perhaps even regulators. If the exploit's use by government or commercial entities becomes widespread or controversial, Apple might be compelled to issue a public statement. Such a statement would likely acknowledge the flaw's existence while emphasizing the physical access requirement and reiterating advice on keeping software updated (for other vulnerabilities) and considering device upgrades for the highest level of security.

Timeline

2026-06-22

Unpatchable A12/A13 Flaw Revealed

Security researchers, including Paradigm Shift, publish details of 'usbliter8,' an unpatchable Boot ROM vulnerability affecting Apple's A12 and A13 chips in iPhones up to the iPhone 11.

2026-06-23

Apple Remains Silent

As of this date, Apple has not publicly responded to the newly disclosed hardware-level security flaw in its A12 and A13 chips.

Frequently Asked Questions

The flaw, known as 'usbliter8,' is a hardware vulnerability in the Boot ROM of Apple's A12 and A13 chips. This means it's built into the chip itself and cannot be fixed by software updates. It affects iPhones from the iPhone XR/XS/XS Max up to the iPhone 11/11 Pro/11 Pro Max.

Discussion

Be the first to share your thoughts.