Security researchers have uncovered a hardware-level vulnerability affecting several older Apple devices, including iPhone 11 models, iPhone XR, iPhone XS, selected iPads and three Apple Watch models.

The exploit, dubbed ‘usbliter8’, was disclosed by security firm Paradigm Shift and targets Apple’s SecureROM boot process on devices using A12, A13, S4 and S5 chips.

Because SecureROM is burned into the chip during manufacturing, Apple cannot fix the issue with a software update. Affected devices will remain vulnerable for as long as they are in use.

The flaw allows code execution before iOS, iPadOS or watchOS loads, potentially enabling an attacker to bypass parts of Apple’s normal boot-chain security. The exploit uses a weakness in the USB controller and requires the device to be placed in DFU mode and connected via USB to specialist hardware.

Impacted products include the iPhone XR, iPhone XS and XS Max, iPhone 11, 11 Pro and 11 Pro Max, the second-generation iPhone SE, iPad Air 3, iPad mini 5, iPad 8 and 9, Apple Watch Series 4 and 5, and the first-generation Apple Watch SE.

Other Apple products using the affected chips, including the HomePod mini, second-generation Apple TV 4K and Studio Display, may also be exposed.

Paradigm Shift said it disclosed the findings to Apple before publishing its research and proof-of-concept code.

The exploit does not directly compromise Apple’s Secure Enclave, which protects passcodes and encryption keys, and there are no public reports of attacks in the wild.