Particle.news

Unpatchable 'usbliter8' Exploit Breaks BootROM on Apple A12 and A13 Chips

The flaw sits in immutable BootROM silicon so only replacing affected hardware fully removes the risk.

Overview

  • Paradigm Shift published a technical paper and working proof-of-concept for usbliter8 on Thursday, June 18, 2026, and made the code public after coordinating disclosure with Apple Product Security.
  • The exploit abuses a hardware bug in the Synopsys DWC2 USB controller that can underflow a DMA buffer and overwrite SecureROM SRAM during Device Firmware Update (DFU) USB traffic.
  • Affected chips include A12 and A13 and related S4/S5 variants, putting iPhone XS/XS Max/XR, the iPhone 11 lineup, second‑generation iPhone SE, several iPads, Apple Watch Series 4/5 and similar devices at permanent risk.
  • Exploitation requires physical possession of the device, forcing it into DFU mode, and connecting it to special hardware over USB. A successful attack gives code execution in SecureROM, which can patch DFU and boot unsigned images without signature checks.
  • Because SecureROM is burned into the chip and cannot be updated, practical mitigations are replacing affected devices with A14‑or‑newer hardware, strictly controlling physical custody and USB access, and inventorying vulnerable devices in sensitive roles.