New unpatchable exploit targets Apple devices with A12 and A13 chips

The discovery of *usbliter8*, an unpatchable BootROM exploit targeting Apple’s A12 and A13 chipsets, is more than just another security vulnerability—it’s a fundamental challenge to the perceived invulnerability of modern computing ecosystems. Unlike software-based flaws that can be mitigated through updates, BootROM vulnerabilities are etched into hardware at the factory level, rendering them permanent. This isn’t the first such exploit—Apple’s history is dotted with BootROM flaws like *checkm8*, which similarly allowed deep system access—but *usbliter8* stands out for its persistence and the specific target: devices still in wide circulation, including the iPhone XS, iPhone 11 series, and certain iPad models. For consumers, the implications are stark: these devices, once compromised, remain vulnerable indefinitely, even as Apple rolls out new software protections. For security researchers, the finding reinforces a troubling reality—hardware-level flaws are increasingly the weakest link in an otherwise tightly controlled ecosystem. The exploit’s technical underpinnings reveal a deeper issue in chip design. The A12 and A13 chips, launched in 2018 and 2019 respectively, introduced Apple’s custom silicon era, promising both performance gains and theoretical security improvements. Yet the same architectural choices that enabled these chips’ efficiency may have inadvertently created new attack surfaces. The fact that *usbliter8* leverages USB-related functionality suggests that even peripheral interfaces—not just core processing units—can become gateways for compromise. This aligns with a broader trend in cybersecurity: as devices become more interconnected, the attack surface expands beyond traditional computing boundaries. Looking ahead, the most pressing question is whether Apple will acknowledge this exploit as a systemic flaw or treat it as an isolated incident. The company’s response to *checkm8* was minimal, with no public acknowledgment of the risk posed to older devices. If a similar approach is taken here, it could signal a shift in how Apple prioritizes security for its user base. Meanwhile, the exploit’s availability in the wild—likely within security research circles—raises concerns about its eventual weaponization by malicious actors. For now, the burden falls on users to assess whether the convenience of older devices outweighs the risk of compromise, while the tech industry grapples with the uncomfortable truth that even the most carefully engineered systems can harbor irreparable flaws.