logo

New iPhone BootROM Flaw Enables Hardware-Level Compromise

ID: 9b683517-b5f2-5b9b-802b-6a71b92c00a8

STIX ID: report--9b683517-b5f2-5b9b-802b-6a71b92c00a8

Feed Name: The Cyber Express

Threat Score
75/100

Date Published: 2026-06-19

Date Updated: 2026-06-19

Author: Ashish Khaitan

...
...

The report details a proof-of-concept exploit named "usbliter8" that abuses a DMA pointer/reset flaw in the Synopsys DesignWare USB2 (DWC2) controller to trigger buffer underflows and controlled memory corruption on Apple A12, A13, and Apple Watch S4/S5 devices. Researchers achieved SecureROM code execution (including EL1 privileges), built ROP chains and bypasses for PAC-protected platforms, and demonstrated persistent BootROM modifications allowing unsigned iBoot images; because the vulnerability resides in immutable BootROM/SecureROM, affected devices remain permanently exposed and hardware replacement is the primary mitigation.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.