
Apple's SecureROM exploit on older iPhones.

2026-06-21

On June 18, researchers at Paradigm Shift published usbliter8, a working exploit that runs their own code inside the SecureROM of Apple's A12 and A13 chips. It reaches the iPhone XS, XR, and 11, along with some iPads and Apple Watches.

SecureROM is the first code a phone runs when it powers on. It checks that Apple's software is genuine before the operating system loads, so it sits at the root of the device's trust. That code is burned into the chip at the factory and cannot be changed, which is why the flaw cannot be patched. The access survives updates, restores, and firmware changes.

What it does not reach is the Secure Enclave, a walled-off part of the chip that stores private keys and biometric data and never lets them leave. The break gives control over how the device starts, not the secrets it holds.

Source: https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html
