Tuesday , July 14 2026
Apple

New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide

Researchers at cybersecurity firm Paradigm Shift found a new flaw called usbliter8. This flaw can get around main boot protections on many older Apple devices, like iPhones with A12 and A13 chips.

The study describes an attack on SecureROM, which is the first code that loads when an Apple device turns on. It is key to the company’s secure boot process. Since SecureROM is built into the hardware during production, problems here can’t be solved with regular software updates.

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

The researchers said the problem joins a hardware flaw in a USB controller with a weak firmware setup to break Apple’s boot process and get into the system.

“By publishing this research and the accompanying proof of concept, we aim to document the real-world impact of this class of hardware vulnerabilities, contribute to the broader understanding of modern BootROM security, and demonstrate that even recent SecureROM generations remain susceptible to subtle hardware flaws,” Paradigm Shift wrote in its disclosure.

Usbliter8 chains a USB controller bug and a device firmware configuration weakness. The exploit, which requires physical USB access to the targeted device, works against iPhones with A12 and A13 chips — including iPhone XS, XR, and 11 — and Apple Watches with S4 and S5 chips. It’s worth noting that the affected chips were released in 2018 and 2019.

However, the exploit cannot directly be used to access user data. The researchers noted in their disclosure that Apple’s Secure Enclave Processor (SEP), a separate security processor that protects user data, is not directly compromised by the exploit.

“Although usbliter8 doesn’t affect SEP itself, it opens up wider attack vectors to compromise the Secure Enclave,” Paradigm Shift researchers explained.

“By publishing this research and the accompanying proof of concept, we aim to document the real-world impact of this class of hardware vulnerabilities, contribute to the broader understanding of modern BootROM security, and demonstrate that even recent SecureROM generations remain susceptible to subtle hardware flaws,” the company’s researchers noted.

UPDATE:

Apple told that “its devices are designed with multiple layers of security in order to protect against a wide range of potential threats, and pointed out that iPhone, iPad and Watch models with A14/S6 or newer chips are not affected, and neither are any Mac devices.

The company also noted that the Usbliter8 exploit does not bypass data protection mechanisms, and user information such as files, photos, or messages cannot be directly accessed via exploitation of this vulnerability.

Apple said that while the vulnerability was fixed years before this research in its newer devices, it still appreciates the researchers sharing their work.”

Check Also

Tata

India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record

A cyber attack seems to have affected one of India’s top electronics companies. Tata Electronics …