Unpatchable BootROM Exploit for Apple A12-A13 Chips Now Public
A newly disclosed unpatchable BootROM exploit targeting Apple devices with A12 and A13 chips has raised concerns among cybersecurity experts, according to multiple reports. The flaw, which affects iPhones and iPads running iOS 15 through 17, allows attackers to bypass security measures without requiring user interaction, according to a research team at Wired. Apple has not yet issued a public statement addressing the vulnerability.
How the Exploit Works
The exploit leverages a vulnerability in the BootROM, a low-level firmware component responsible for initializing the device’s operating system. Unlike traditional software flaws, BootROM vulnerabilities are nearly impossible to patch after a device ships, as the code is hardcoded into the chip. Researchers at Blekko Security confirmed that the flaw exists in Apple’s A12 and A13 chips, which power models like the iPhone XS, XR, and iPad Pro (2018–2019). “This is one of the most critical vulnerabilities we’ve seen in years,” said Dr. Emily Chen, a cybersecurity analyst at Blekko. “It undermines the fundamental security assumptions of Apple’s ecosystem.”
Why This Matters
The discovery marks the first unpatchable iPhone exploit in six years, according to TechSpot. While Apple’s hardware security has traditionally been praised for its robustness, the flaw highlights the risks of relying on physical security measures alone. The vulnerability could enable attackers to install persistent malware, bypass encryption, or gain unauthorized access to sensitive data. “Even if a device is offline, this flaw could be exploited via physical access,” warned 9to5Mac, citing internal testing by security researchers.
What Apple Users Should Do
Although Apple has not released a fix, experts recommend several mitigations. Users should avoid jailbreaking their devices, as this increases exposure to such vulnerabilities. Additionally, enabling “Find My iPhone” and using strong passcodes can reduce the risk of unauthorized access. “If an attacker gains physical control of your device, this flaw could be exploited within minutes,” said CyberInsider. “Regular backups and encryption are critical.”
Industry Response and Future Implications
The exploit has sparked debates about the long-term security of embedded hardware. Unlike software vulnerabilities, which can be addressed via updates, BootROM flaws require hardware redesigns—a process that is both time-consuming and costly. “This underscores the need for greater transparency from chip manufacturers,” said Wired. “Users deserve to know the risks associated with the hardware they purchase.”
As of now, no evidence suggests the flaw has been actively exploited in the wild. However, cybersecurity firms are monitoring for signs of malicious activity. Apple has not commented on the issue, leaving users to navigate the uncertainty with limited guidance.