Researchers at Paradigm Shift released a report exposing a hardware flaw in several Apple devices. The vulnerability, named usbliter8, targets USB and Apple silicon chips on the A12, A13, S4, and S5 lines. Devices affected include the iPhone XR and iPhone XS/XS Max models, among others.

The flaw originates in the USB controller and a firmware configuration error that makes it impossible to patch. Attackers must physically possess the device and enter DFU mode to send crafted packets. This misdirects the controller into writing code to an unintended memory region before iOS boots.

While the exploit bypasses signature checks and allows custom system code, it does not compromise the Security Enclave that stores encrypted data like passcodes. Nevertheless, the ability to inject code before boot creates a serious risk for stolen devices, as attackers can hijack the entire operating system.

Apple cooperated with the researchers to address the issue, but the most reliable safeguard remains upgrading to newer hardware. Older models running the A11 processor are completely unaffected, giving users a clear path to mitigate the flaw without immediate replacement.