# Apple’s A12 and A13 Chips Have an Unpatchable Flaw – What It Means for You > Source: > Published: 2026-06-19 16:12:27+00:00 Someone would need your iPhone, a USB cable, a Raspberry Pi Pico, and access during boot to pull this off. That’s the good news. The bad news: security firm Paradigm Shift has disclosed **“ usbliter8,”** a BootROM exploit targeting Apple’s **A12 and A13** [custom silicon](https://www.gadgetreview.com/apple-cooks-up-custom-silicon-smart-glasses-and-ai-chips-signal-techs-next-evolution)that no software update will ever fix. The vulnerability affects: - iPhone XS through the entire iPhone 11 lineup - iPhone SE 2nd gen - Select iPads - Apple Watch Series 4/5 - HomePod mini The flaw lives in **read-only memory** — burned into silicon at manufacture, immutable forever after. ## What “Unpatchable” Actually Means *This isn’t a bug Apple can quietly patch overnight — it’s a hardware-level flaw locked into the chip itself.* [ BootROM](https://appleinsider.com/articles/26/06/18/a12-a13-apple-devices-face-an-unpatchable-securerom-vulnerability) is the first code your phone runs at power-on, and Apple can’t rewrite it any more than you can un-bake a cake. The bug sits in a third-party Synopsys USB controller built into A12 and A13 chips. That controller accepts malformed packets smaller than the USB spec allows. Three undersized packets cause a memory pointer to walk backwards into territory it was never meant to touch, according to [Paradigm Shift’s technical writeup](https://ps.tc/pages/blog-usbliter8.html). From there, an attacker can write data into sensitive memory regions during the boot process. The irony stings. A11 devices like the iPhone X escape because Apple’s USB driver manually resets the pointer after each packet. A14 and later escape because Apple finally configured its memory protection unit — called [ DART](https://www.kernelconfig.io/CONFIG_APPLE_DART) — correctly at boot. A12 and A13 sit in the gap: a vulnerable middle generation caught between an old fix and a newer one. Apple essentially threaded a needle badly, and researchers just found the hole. *“Moving to a newer device is the only way to mitigate this vulnerability.”* — [Privacy Guides](https://mashable.com/tech/older-iphones-vulnerable-to-a-flaw-apple-cant-fix) ## The Real-World Risk Isn’t Zero, But It’s Not a Fire Drill *Your passcode and encrypted data stay protected — but high-risk users should take this seriously.* If you’re a journalist, activist, or executive whose phone might end up in hostile hands at a border crossing, this matters. For everyone else: the exploit demands physical USB access during DFU mode, relies on specialized microcontrollers rather than a standard Mac or PC, and your passcode and Secure Enclave remain intact. The [ Secure Enclave](https://support.apple.com/en-ca/guide/security/sec59b0b31ff/web) is not directly compromised by usbliter8. Nobody is [tracking users](https://www.gadgetreview.com/white-house-app-caught-secretly-tracking-users-every-4-minutes)over Wi-Fi. What usbliter8 actually achieves is breaking Apple’s secure boot chain, allowing unsigned software to load before iOS ever starts. It stamps **“PWND”** into the device’s USB serial number — a deliberate callback to checkm8, the 2019 exploit that did the same for A5–A11 devices and powered a generation of jailbreak tools. For the jailbreak community, this is like finding a lost vinyl pressing everyone assumed was destroyed. Paradigm Shift coordinated disclosure with Apple Product Security before publishing. Practical steps: - Keep a strong passcode - Avoid plugging into unknown USB accessories during reboot - Don’t hand a booting device to strangers If physical-access threats are real in your world, upgrading to A14 or later hardware is the only true fix. [Apple](https://www.gadgetreview.com/trump-claims-apple-intel-chip-deal-neither-company-confirms) can’t patch the chip that already shipped.