usbliter8 – Apple A12 and A13 SecureROM Exploit

The Exploit Blog

Penetration Testing Blog

usbliter8 - Apple A12 and A13 SecureROM Exploit
Published on July 3, 2026
Written by Jason Taylor

Security researchers at Paradigm Shift recently announced the usbliter8 SecureROM exploit that affects Apple A12 and A13 chipsets. The proof-of-concept allows for bypassing Apple’s protections within the SecureROM boot process and allows for code execution on a myriad of older iPhones and iPads. Of particular note is that the iPhone 11, which will support iOS 27, is the newest iPhone affected by this vulnerability. 

From an offensive security perspective, this could lead to a jailbreak for newer, but still old, iPhones such as the iPhone 11. This could allow for full access during mobile app penetration tests, although currently there is no full jailbreak available that uses this vulnerability.

What This Means for iPhone 11 Users

From a consumer perspective, this means the iPhone 11, a device that will be receiving the latest iOS 27 later this year, will be affected by a hardware-level exploit that cannot be patched via software

Taking advantage of the exploit does require plugging the affected device into a Raspberry Pi via a Lighting cable. This decreases the risk of this exploit being used against a normal day-to-day user of an iPhone 11. However, this could open these devices up to further inspection in situations where a phone is removed from the owner, such as during international travel when law enforcement agencies may confiscate devices during interviews. 

If you use an iPhone 11 or older and travel frequently, consider upgrading to a newer device to protect yourself from this risk. 

Jason Taylor

Jason Taylor

Jason has a passion for asking “what-if” questions and for trying to “break” software and test how it responds to unintended uses. Jason has a background in System Administration and Security Engineering in the financial sector. He holds both defensive and offensive certifications including OSCP, PNPT, GCIH, CASP+, and is Splunk Certified. When he’s not spending his time taking new training courses, he loves spending time with his wife and kids and occasionally working on an IoT project to automate some aspect of their greenhouse or chicken coop.

About The Exploit

The Exploit is written by Raxis penetration testers. Every post is a technical writeup from someone who runs engagements for a living, with code, command output, and the reasoning behind each step. Topics include exploit research, vulnerability disclosure, tool development, and the offensive techniques showing up in current client work.

Search The Exploit Blog

Raxis Discovered Vulnerabilities

View the CVEs and bugs that Raxis pentesters have uncovered and submitted.

Work With the Pentesters Who Wrote This Blog

The engineers behind these posts run real engagements every week. Put them on your network, web apps, APIs, or cloud and see what an attacker would find first.

Join Our Newsletter

Name(Required)
Newsletter(Required)
Do you wish to join our newsletter? We send out emails once a month that cover the latest in cybersecurity news. We do not sell your information to other parties.