A critical BootROM vulnerability has been discovered affecting Apple A12 and A13 chips, enabling attackers with physical access to compromise the boot chain. Identified as 'usbliter8', the vulnerability stems from a USB controller flaw combined with a firmware configuration issue in SecureROM. Unlike software flaws, this BootROM issue cannot be fixed via OS updates, leaving affected devices vulnerable for their lifetime.
The exploit requires access to DFU mode and specific hardware, limiting widespread misuse but raising concerns about seized or stolen devices. Researchers warn that while the exploit does not target the Secure Enclave directly, it could lead to more severe attacks.