Unpatchable USB Flaw Exposes Older iPhone Models, These Devices Are at Risk

Author: Qoo Media

A hardware-level security flaw affecting several older Apple devices cannot be fully fixed with a standard software update. The issue matters because it strikes before iOS even begins to run, making it different from the kind of vulnerability users usually hear about.

Security researchers at Paradigm Shift identified the bug as usbliter8. It is tied to USB behavior, specific Apple silicon chips, and firmware configurations that allow the exploit to persist even after software patches.

Why the flaw stands out

The concern is not only that the bug exists, but that it affects the boot process itself. According to the researchers, the exploit can be triggered while a device is in DFU mode, when data sent over USB can confuse the device’s USB controller.

That confusion can force the controller to write data to the wrong memory area. From there, an attacker may be able to inject code before iOS finishes booting, which could open the door to bypassing digital signature checks and running modified system software.

Devices confirmed as affected

The flaw impacts devices using A12, A13, S4, and S5 chips. That includes a wide range of Apple products, from iPhone and iPad to Apple Watch, Apple TV, and Studio Display.

Category | Affected devices
iPhone | iPhone XR, iPhone XS, iPhone XS Max, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone SE
iPad | iPad Air 3, iPad mini 5, iPad 8, iPad 9
Apple Watch | Apple Watch Series 4, Apple Watch Series 5, Apple Watch SE
Other devices | Apple TV 4K second-generation, Studio Display

Notably, the researchers said the bug does not affect older A11-based devices, showing that the vulnerability is not spread evenly across Apple’s hardware generations.

What users should understand

The exploit has an important limitation: it requires physical access to the device. That means it is not a remote attack that can be launched over the internet.

The greatest risk appears when a device is stolen, seized, or placed in the hands of someone who can access the USB port and force DFU mode. In that situation, the attacker may have the opportunity to work around parts of the device’s security chain.

There is one reassuring detail. The researchers said the flaw does not affect the Secure Enclave, the area that stores encrypted data such as passcodes and other sensitive information.

Even so, the ability to inject code before iOS loads remains serious because it targets the earliest stage of the device’s security process. Paradigm Shift said Apple has been working closely with the team on the issue, but the root cause sits in hardware rather than software.

For owners of the affected devices, the priority is physical protection. As the researchers noted, the most effective way to reduce the impact of this kind of threat is to keep the device out of the wrong hands, especially because a conventional patch cannot fully remove the underlying flaw.

Source: www.gsmarena.com