Here's how to tell if your device is at risk and what to do about it.
Do you still use an iPhone 11, XS, XR, or SE? If so, I have some bad news. Yep, another security flaw has been discovered, and Apple can't fix this with one of its typical updates.
In a blog post published on Thursday, cybersecurity firm Paradigm Shift revealed a security vulnerability that it discovered and successfully exploited in older-model iPhones with Apple's A12 or A13 chip. Dubbed usbliter8, the flaw affects an iPhone's boot ROM code, aka SecureROM, which executes before the operating system loads. By exploiting usbliter8, an attacker could install their own malicious code or run unauthorized commands on a victimized iPhone.
Because the flaw is in the device's ROM, Apple can't patch it via a software update. The only saving grace is that the flaw can't be triggered remotely. An attacker would need physical access to your phone. They would also need enough time to restart your device and enough know-how to take advantage of the exploit.
Plus, the researchers at Paradigm Shift were unable to bypass Apple's other security safeguards, such as Data Protection. As such, your files, photos, messages, and other user data are not affected by the flaw.
"BootROM vulnerabilities are relatively rare, and when they surface the physical access requirement tends to give organizations a false sense of comfort," Shane Barney, chief information security officer of Keeper Security, told ZDNET. "The assumption is that if an attacker needs to physically hold the device, the risk is contained, and that assumption is worth examining carefully because it does not hold up in practice.
