Security researchers have disclosed a working exploit that compromises the foundational boot security of Apple's A12 and A13 processors — and unlike most vulnerabilities disclosed today, no software patch will ever fix it.
The exploit, dubbed "usbliter8," was published by the security research firm Paradigm Shift. It achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 silicon, the immutable first link in the device's chain of trust. Because this code is physically burned into the chip during manufacturing, the flaw is permanent: affected devices will carry it for their entire operational lifespan.
Why SecureROM Matters
The SecureROM is the very first code that executes when an Apple device powers on. It is responsible for verifying the integrity of every subsequent stage in the boot process — from the bootloader to the operating system kernel. Compromising this root-of-trust layer effectively undermines every security guarantee the platform offers, as an attacker with code execution at this level can bypass signature checks, disable security mechanisms, and load arbitrary payloads before any higher-level protections engage.
This makes usbliter8 a fundamentally different class of vulnerability. It is not a bug in an operating system, a browser, or an app — it is a flaw in the hardware itself.
Scope and Practical Risk
The affected chipsets — the A12 (released in 2018) and A13 (released in 2019) — powered some of Apple's most popular devices, including the iPhone XS, iPhone 11, iPad Air (3rd generation), and various other models. Given the enormous installed base of these products, many of which remain in active use worldwide, the number of potentially affected devices is substantial.
However, researchers and security observers have been careful to note that this is not a remote attack. Exploitation requires physical USB access to the target device, which significantly narrows the practical threat landscape. This is not an exploit that can be deployed via a malicious website or a phishing email — an attacker must have the device in hand.
That said, the severity of the compromise at the hardware level means that for those targeted, the consequences are total. Forensic firms, state-sponsored actors, and sophisticated criminal operations with physical device access could leverage usbliter8 to gain persistent, undetectable control over affected iPhones and iPads.
Echoes of checkm8
The discovery draws immediate parallels to the "checkm8" exploit disclosed in 2019, which similarly targeted the SecureROM of older Apple chips — the A5 through A11 processors. checkm8 became a widely used tool in both the jailbreaking community and the forensic industry precisely because its unpatchable nature made it a reliable, permanent attack vector.
usbliter8 extends that same class of hardware-level risk forward by one or two chip generations, bringing devices that were previously considered immune into the scope of permanent vulnerability.
Implications for Device Security Strategy
For individual users, the practical risk of usbliter8 remains low given the physical access requirement. Most everyday threat models do not include an adversary with hands-on access to a locked iPhone.
For organizations, however, the calculus is different. Enterprise security teams managing fleets of A12- and A13-based devices now face a hardware-level risk that cannot be mitigated through software updates, configuration profiles, or mobile device management platforms. The only complete remediation is hardware replacement — retiring affected devices in favor of newer models built on Apple's A14 silicon or later, which are not known to be vulnerable to this exploit.
For high-risk individuals — journalists, activists, diplomats, and others who may face targeted surveillance — the finding is more immediately concerning. A device left unattended even briefly could be permanently compromised at the deepest level, with no forensic evidence visible at the operating system layer.
As of reporting, Apple has not issued a public response to the usbliter8 disclosure. Given the immutable nature of the flaw, a traditional security advisory or firmware update is not expected — but the company may choose to clarify the scope of affected hardware and offer guidance to enterprise customers and security-conscious users.
The discovery serves as a stark reminder that in modern device security, the most consequential vulnerabilities may not live in software at all — but in the silicon itself.
