A public exploit (usbliter8) released June 18, 2026 achieves privileged code execution inside the SecureROM of Apple A12 and A13 SoCs, permanently compromising the hardware root of trust on all affected devices — including iPhone XS through iPhone 11 series, iPad Air 3rd gen, iPad mini 5th gen, iPad 8th gen, Apple Watch Series 4/5/SE (1st gen), and HomePod mini. Apple cannot patch a read-only boot ROM; every affected device will remain permanently exploitable at the hardware level for the remainder of its operational life. Physical access is required to place a device in DFU mode, which is the attack surface, but the public release of a working proof-of-concept dramatically lowers the barrier to exploitation.