Security researchers at Paradigm Shift have disclosed a vulnerability they call usbliter8 that allows an attacker to run their own code deep inside the boot chip of several older Apple devices. The flaw lives in a read-only hardware component called the SecureROM — the very first code that runs when you power on an Apple device — and because it is physically burned into the chip at the factory, no software update can ever fix it.
The good news is that pulling off this attack is not easy. An attacker needs your device in hand, a special USB cable, and the technical knowledge to force the phone into its recovery (DFU) mode. If your phone is in your pocket or locked away, you are not at risk. For the vast majority of users, the practical threat is low — this is more of a concern if your device is lost or stolen and falls into the hands of a skilled, determined attacker.
How to check if you’re affected
Affected devices include iPhones and iPads using Apple’s A12 or A13 chips:
- iPhone XS, XS Max, XR (A12 chip)
- iPhone 11, 11 Pro, 11 Pro Max (A13 chip)
- iPhone SE (2nd generation) (A13 chip)
- iPad Air (3rd generation), iPad mini (5th generation), iPad (8th generation)
- Apple Watch Series 4, Series 5, and first-generation SE
- HomePod mini
Devices with A11 chips (iPhone X/8) or A14 and newer (iPhone 12 and later) are not affected by this specific exploit. If you use one of the affected models, there is no patch to apply — Apple cannot push a firmware fix for a hardware flaw. Your best protection is keeping your device physically secure and enabling a strong passcode so that recovery mode cannot be triggered without your knowledge.