New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones

The vulnerability exploited by the Usbliter8 exploit cannot be patched and a PoC exploit has been released by researchers. The post New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones appeared first on SecurityWeek .

According to the report, Paradigm Shift researchers disclosed an unpatchable Apple SecureROM/BootROM vulnerability in A12 and A13 chips, enabling the Usbliter8 exploit to bypass secure boot defenses on millions of iPhones and Apple Watches, with a public proof-of-concept now available.[1][2][7] The exploit requires physical USB access and allows booting unsigned firmware and lowering device security levels, but does not directly expose user data according to Apple.[1] From a CyberSE.AI perspective, this highlights a hardware-level supply chain risk where security flaws are baked into silicon and cannot be remediated by software updates, necessitating long-term hardware lifecycle planning, device inventory and segmentation, and policies for managing unpatchable mobile endpoints. Organizations should update asset baselines, adjust threat models for physical access scenarios, and incorporate chip-level boot security assurances into vendor and SBOM assessments.