
New Unpatchable BootROM Exploit Hits A12 and A13 iPhones

A working proof-of-concept called usbliter8 exploits a USB controller bug in Apple's A12 and A13 chips - and no software update can ever fix it.

Two more generations of Apple chips have a permanent hardware vulnerability, and there is no patch coming.

Security firm Paradigm Shift published details of a BootROM exploit named usbliter8, targeting Apple's A12 and A13 chips - the silicon inside the iPhone XS through the iPhone 11 series. The flaw lives in the USB controller hardware: by sending a specific sequence of unusually small packets during startup, an attacker can manipulate an internal pointer into walking backwards through memory, writing data to regions that should be off-limits. Because BootROM is burned into the chip at manufacture, no software update can touch it. Every affected device stays vulnerable for its entire lifespan.

The A11 dodged this because its USB driver manually resets the pointer after each packet - a small implementation detail that turns out to matter a great deal. The A14 and later are safe too, thanks to a correctly configured memory protection feature at the BootROM level. The A12 and A13 sit in an unlucky gap between both fixes. On A12 chips code execution is relatively straightforward; on A13 chips, Apple's Pointer Authentication Codes (PAC) forced Paradigm Shift into a lengthy multi-step workaround before the researchers could take control.
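To make the mitigation described above concrete, here is an added C model (not code from the article, from Apple, or from Paradigm Shift) of the defect class and of the two defences the article credits: a receive handler whose write cursor carries over between packets, beside one that resets the cursor after every packet as the A11 driver is said to do, plus a separate region check standing in for the BootROM-level memory protection credited on the A14. The buffer sizes, the single writable region and the packet payload are constructed; the real controller's state layout, and the direction the real pointer moves, are not on the page and are not reproduced. Out-of-range writes in the defective path are tracked as offsets rather than performed, so the program itself never touches memory it does not own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes for this model; they are not Apple's values. */
#define STAGE_SIZE  64   /* bytes in the receive staging buffer         */
#define MAX_PACKET  16   /* largest packet the endpoint is declared for */

/* Receive state: a staging buffer plus the cursor that drives the next copy. */
struct usb_rx {
    uint8_t staging[STAGE_SIZE];
    size_t  cursor;       /* offset into staging of the next write */
    size_t  rejected;     /* packets refused by the hardened path  */
};

static void usb_rx_init(struct usb_rx *rx) { memset(rx, 0, sizeof *rx); }

/*
 * Defective model: the only check is the per-packet maximum, and the cursor
 * carries over from one packet to the next, so a run of short packets walks
 * it out of the buffer. The copy is performed only while the destination is
 * inside the buffer; beyond that the would-be offset is recorded without
 * touching memory. Returns the offset the write targeted.
 */
size_t rx_packet_unreset(struct usb_rx *rx, const uint8_t *pkt, size_t len)
{
    if (len > MAX_PACKET) return rx->cursor;     /* the only check present */
    size_t dst = rx->cursor;
    if (dst < STAGE_SIZE && len <= STAGE_SIZE - dst)
        memcpy(rx->staging + dst, pkt, len);
    rx->cursor += len;                           /* carried state: never reset */
    return dst;
}

/*
 * Hardened model, following the mitigation the article attributes to the
 * A11 driver: the cursor is re-anchored before the copy and reset again
 * after the packet is consumed, so nothing an earlier packet did can move
 * the next write, and the length is checked against the whole buffer, not
 * just MAX_PACKET. Returns true when the packet was accepted.
 */
bool rx_packet_reset(struct usb_rx *rx, const uint8_t *pkt, size_t len)
{
    if (len > MAX_PACKET || len > STAGE_SIZE) { rx->rejected++; return false; }
    rx->cursor = 0;                              /* re-anchor before the copy */
    memcpy(rx->staging, pkt, len);
    /* a consumer would read rx->staging[0..len) here */
    rx->cursor = 0;                              /* reset after each packet */
    return true;
}

/*
 * Independent second layer, standing in for the memory protection the
 * article credits on the A14 and later: a write is allowed only if its whole
 * range lies inside a region marked writable. The map is constructed: only
 * offsets [0, STAGE_SIZE) are writable.
 */
bool region_permits_write(size_t offset, size_t len)
{
    const size_t writable_start = 0, writable_end = STAGE_SIZE;
    return offset >= writable_start && offset <= writable_end &&
           len <= writable_end - offset;
}

/* Feed n identical short packets through one handler; returns the final cursor. */
size_t drive_short_packets(size_t n, size_t len, bool use_reset_path)
{
    struct usb_rx rx;
    uint8_t pkt[MAX_PACKET];
    usb_rx_init(&rx);
    memset(pkt, 0x41, sizeof pkt);               /* constructed payload */
    for (size_t i = 0; i < n; i++) {
        if (use_reset_path) rx_packet_reset(&rx, pkt, len);
        else                rx_packet_unreset(&rx, pkt, len);
    }
    return rx.cursor;
}

/* Whether the hardened path accepts a single packet of the given length. */
bool reset_path_accepts(size_t len)
{
    struct usb_rx rx;
    uint8_t pkt[MAX_PACKET];
    usb_rx_init(&rx);
    memset(pkt, 0x41, sizeof pkt);
    return rx_packet_reset(&rx, pkt, len);
}

int main(void)
{
    size_t drift = drive_short_packets(20, 8, false);
    printf("unreset cursor after 20 x 8-byte packets: %zu (buffer is %d)\n",
           drift, STAGE_SIZE);
    printf("region check at that offset: %s\n",
           region_permits_write(drift, 8) ? "allowed" : "refused");
    printf("reset cursor after the same packets: %zu\n",
           drive_short_packets(20, 8, true));
    return 0;
}
```

The two layers are deliberately independent: the per-packet reset removes the carried state that makes the cursor steerable, while the region check refuses any write that still escapes the buffer, which is why the article can describe either fix alone as sufficient and the A12/A13 as the gap that has neither.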

usbliter8 is the direct successor to checkm8, the 2019 BootROM exploit that covered iPhone 4S through iPhone X. That exploit became the foundation for jailbreaks and security research tools still in use today - which tells you exactly where usbliter8 is likely headed next. Neither exploit enables remote attack; physical USB access during boot is required, which limits real-world risk but does not eliminate it for high-value targets.


The Revision

Written by an AI system from the public sources credited above.