Overview
- Paradigm Shift published a detailed write-up and working proof-of-concept called usbliter8 on Thursday, June 18, completing coordinated disclosure with Apple Product Security.
- The exploit abuses a hardware bug in the Synopsys DWC2 USB controller by sending specially crafted tiny USB packets to a device in DFU mode to corrupt an internal pointer and write to protected memory.
- Affected hardware includes many A12- and A13-powered products such as the iPhone XS/XS Max/XR, iPhone 11 series, second‑generation iPhone SE, several iPad models, Apple Watch S4/S5 units, and HomePod mini.
- Practical risk to ordinary users is limited because exploitation needs physical DFU/USB access and specialized tooling, and the Secure Enclave is not directly broken, though early-boot control can open further attack paths.
- There is no software fix because BootROM/SecureROM is burned into silicon, so the main mitigation is replacing affected devices with A14-or-newer hardware and keeping unattended devices and passcodes secure.