Security research firm Paradigm Shift has disclosed a BootROM vulnerability affecting Apple's A12 and A13 chips, along with releasing proof-of-concept code named 'usbliter8'. The vulnerability stems from a hardware design flaw in the chip's built-in USB controller, allowing attackers to send specialized data packets via USB during device boot to tamper with memory pointers and perform reverse read/write operations on restricted memory regions. The A12 chip enables direct code takeover, while the A13 chip, equipped with PAC pointer authentication, requires multiple operations to bypass protections. After exploitation, rebooting the device cannot clear the attack program, allowing attackers to temporarily downgrade security restrictions to run unsigned programs and mark the device's USB serial number with 'PWND'. Since BootROM is hardcoded into the chip, affected devices including the entire iPhone XS, iPhone XR, and iPhone 11 series cannot be fixed via software updates. However, exploitation requires physical access to the device and cannot be achieved remotely in daily scenarios. The research team has synchronized vulnerability details with Apple's security department and made the proof-of-concept code publicly available.