Moor Studio/Getty Images
Here's how to choose what to do about it ... or not.
A couple of months have gone by since the last major security threat to plague Apple’s ecosystem, so we’re due for another round. This time, a fatal flaw has been identified for a very specific group of iPhone models, and unlike most bugs we cover here on Blaze Media, this one costs real money to fix. Here’s everything you need to know.
The fatal flaw in question is a BootROM exploit known as usbliter8. For curious minds, BootROM is the on-device component that’s required to boot up a device, or turn it on from a power-off state.
It can’t be resolved by downloading a future iOS update.
This system relies on a “chain of trust” to validate a device’s hardware and software every time the phone boots up to ensure that all components are secure and uncompromised on a cybersecurity level. If BootROM is compromised in any way, hackers can install unauthorized code, downgrade your phone to a less secure version of iOS, and potentially leverage other exploits to access data.
Luckily, not all iPhones are at risk. The usbliter8 exploit specifically affects Apple devices with A12 and A13 chips under the hood. Drilling down deeper, these iPhone models are in danger along with several Apple Watches. Check the list to see if your phone is included:
If you’re not sure which iPhone you have, open the Settings app, tap on General, then About, and find the model of your phone under Model Name.

What makes this flaw so tricky is that it takes place on the hardware level. Unlike software-related bugs that can be patched with a quick update directly from Apple, usbliter8 is attached to the chip inside your smartphone.
That means it can’t be resolved by downloading a future iOS update. The problem will remain on your handset for what’s left of its life.
So how do you fix a flaw that can’t be repaired with new software?
There’s only one solution, and you probably won’t like it.
RELATED: Dems launch new push to control more of what you do in your car

You have to upgrade your iPhone to a new model outside of the affected devices. In other words, if your phone is on the threat list, you need to replace your vulnerable device with an iPhone 12 from 2020 or newer.
For many iPhone owners with these older models, this may be a hard pill to swallow. New phones are expensive, and they’re only growing less affordable, thanks to the RAM shortages brought on by AI.
So let’s say you can’t or don’t want to upgrade to a new iPhone to fix the problem. Should you be worried about someone hacking into your device?
By all accounts, the risk of an usbliter8 actually happening in a real-life situation is slim. In order to carry out an attack, the hacker would need physical access to your device, and he would have to be able to put the phone into Device Firmware Upgrade mode. As long as you keep your phone on your person or in a bag at all times, you’re probably safe.
Bonus tip: Never plug your phone directly into a public charging cable you might find at a restaurant, airport, rest stop, hospital, or a college campus. Sometimes these cables are tampered with or comprised in a way that exposes your device to bad actors. If you must charge your phone in public, bring your own cable and charging brick that plugs directly into a wall outlet.
That said, in the event that your phone is stolen or accessed via usbliter8, there isn’t much that can stop a hacker from breaking in. The hacker doesn't need your password to access DFU mode and install malicious code. However, usbliter8 can’t break into encrypted data on an iPhone on its own, so always use a complex password and biometric authentication, such as FaceID or TouchID. Those are your best defenses.
Zach Laidlaw