Apple A12/S4/S5/A13 BootROM usbliter8 authentication bypass flaw
Vulnerability
Summary
Hide ▲
Show ▼
Researchers disclosed usbliter8, an unpatchable BootROM flaw affecting Apple A12, S4/S5, and A13 SoCs, creating boot-chain compromise risk for devices with physical access. The issue sits in immutable BootROM/SecureROM code, so an operating system update cannot fully remove it. The proof-of-concept relies on DFU mode and specialized RP2350-based microcontroller hardware, which limits broad abuse but raises risk for seized, stolen, or unattended devices.
Related Happenings
Apple A12/A13 SecureROM USB DMA underflow with public usbliter8 exploit security flaw
Vulnerability
H score0
First: 19.06.2026 21:37
Last: 19.06.2026 21:37
Sources 1
About this happening:
A public **usbliter8** exploit now reaches **arbitrary code execution** in Apple's **SecureROM**, exposing an **unpatchable USB DMA underflow flaw** across **A12, A13, S4, and S5*...
Apple A12/A13 SecureROM USB DMA underflow with public usbliter8 exploit security flaw
VulnerabilityAbout this happening: A public **usbliter8** exploit now reaches **arbitrary code execution** in Apple's **SecureROM**, exposing an **unpatchable USB DMA underflow flaw** across **A12, A13, S4, and S5*...
Beats Studio Buds Bluetooth BR/EDR missing-authentication security flaw (multiple vulnerabilities)
Vulnerability
H score24
First: 18.06.2026 15:23
Last: 18.06.2026 15:23
Sources 1
About this happening:
**Beats Studio Buds** are affected by **CVE-2025-20701**, a **missing-authentication** flaw in **Airoha system-on-a-chip (SoCs)** and the **Bluetooth BR/EDR radio** that can let a...
Beats Studio Buds Bluetooth BR/EDR missing-authentication security flaw (multiple vulnerabilities)
VulnerabilityAbout this happening: **Beats Studio Buds** are affected by **CVE-2025-20701**, a **missing-authentication** flaw in **Airoha system-on-a-chip (SoCs)** and the **Bluetooth BR/EDR radio** that can let a...
Timeline
-
22.06.2026 17:00 2 articles · 1h ago
Researchers disclose usbliter8 BootROM flaw affecting Apple A12, S4/S5 and A13
Initial DisclosureParadigm Shift disclosed usbliter8, a novel BootROM vulnerability affecting Apple A12, S4/S5 and Apple A13 SoCs that can let a physically present attacker compromise the boot chain through DFU mode and RP2350-based microcontroller hardware. The flaw combines a Synopsys DesignWare USB controller DMA weakness with a SecureROM configuration issue, and because BootROM code is immutable after manufacture, an operating system update cannot fully correct it; the affected devices are described as carrying the issue for their lifetime.
Show sources
- Unpatchable BootROM Flaw Impacts Apple A12, A13 Chips — www.infosecurity-magazine.com — 22.06.2026 17:00
- Unpatchable BootROM Flaw Impacts Apple A12, A13 Chips — www.infosecurity-magazine.com — 22.06.2026 17:00