CVE-2019-8900

6.8 MEDIUM (CVSS v3: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

📋 TL;DR

A vulnerability in the SecureROM (boot ROM) of Apple SoCs from the A5 through the A11 lets an unauthenticated attacker with physical access execute arbitrary code on the device while it is in DFU mode, before iOS has started. The bug is publicly known as checkm8. It affects iPhones, iPads and iPod touch models built on those chips, and because the code lives in read-only mask ROM it cannot be fixed by a software update. The exploit is tethered and non-persistent (it must be re-run over USB after every reboot), and it does not bypass the Secure Enclave, the passcode-derived data-protection keys, or Touch ID/Face ID.

💻 Affected Systems

Products:
  • iPhone
  • iPad
  • iPod touch
Versions: Devices built on Apple A5 through A11 SoCs (iPhone 4S through iPhone X, and iPads and iPod touch models with the same chip generations). Devices with an A12 or later SoC are not affected.
Operating Systems: iOS, iPadOS (the bug is in the SoC boot ROM, so the installed OS version does not change exposure)
Default Config Vulnerable: ⚠️ Yes
Notes: Exposure is determined entirely by the SoC. SecureROM is mask ROM burned at manufacture, so the only fix is a newer chip; no iOS/iPadOS release removes the vulnerability from an affected device.

📦 What is this software?

SecureROM is the first-stage boot loader stored in read-only memory inside Apple's A-series SoCs. It is the root of trust for the secure boot chain: it verifies and loads the next stage (iBoot/LLB) and, if that fails or the user holds the right button combination, it exposes DFU (Device Firmware Update) mode over USB so a host computer can send a signed image to boot. Because SecureROM runs before any operating system code and cannot be rewritten, a bug in its USB/DFU handling is both reachable by anyone with a cable and unfixable in the field.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with physical access and a USB host can run their own code with SecureROM privileges, boot unsigned kernels and ramdisks, disable kernel code-signing for that boot session, and read or modify any data on the device that is not protected by passcode-derived keys. The exploit itself does not survive a reboot, but filesystem changes made during the session can.

🟠

Likely Case

Extraction of data that is not protected by the user's passcode (the device was never unlocked, so class-protected files stay encrypted), or a tethered compromise of a lost or stolen device that lasts only until the next reboot.

🟢

If Mitigated

With a strong passcode set, the attacker gets no access to passcode-protected data because the Secure Enclave and its key hierarchy are not affected, and the compromise does not persist across reboots.

🌐 Internet-Facing: LOW - Requires physical access to device, not remotely exploitable.
🏢 Internal Only: MEDIUM - Physical access threat from insiders or stolen devices in organizational environments.

🎯 Exploit Status

Public PoC: ⚠️ Yes (axi0mX released the checkm8 exploit publicly in the ipwndfu tool)
Weaponized: YES - public jailbreak and forensic tooling is built on it
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires physical possession of the device, putting it into DFU mode with a button combination, and driving the USB DFU interface from an attached computer; the attack must be repeated after every reboot.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None. SecureROM is mask ROM and cannot be updated; the vulnerability is absent only in devices with an A12 or later SoC.

Vendor Advisory: https://support.apple.com/en-us/HT210107

Restart Required: No

Instructions:

1. Replace affected devices (A5 through A11 SoCs) with models built on an A12 or later SoC.
2. Keep remaining devices on the latest iOS/iPadOS release for other security fixes, and set a strong passcode so that passcode-protected data remains encrypted even if the boot ROM is exploited.

🔧 Temporary Workarounds

Physical Security Controls

Platform: all

Prevent unauthorized physical access to devices; the exploit cannot be run without holding the device and attaching it to a USB host.

Restrict USB Access

Platform: all

DFU mode cannot be disabled and is entered before iOS runs, so iOS settings such as USB Restricted Mode do not prevent the attack. Limit exposure instead by controlling which computers devices are connected to, keeping devices in secure storage when unattended, and using supervised/MDM-managed devices so an unexpected reboot or restore is noticed.

🧯 If You Can't Patch

  • Implement strict physical security controls and device inventory tracking
  • Enforce strong alphanumeric passcodes; data protected by passcode-derived keys stays encrypted because the Secure Enclave is not compromised
  • Enable Find My and Activation Lock so a lost device can be remotely wiped once it reaches a network

🔍 How to Verify

Check if Vulnerable:

Identify the device's SoC. Devices with an A5 through A11 chip (iPhone 4S through iPhone X, and iPad/iPod touch models from the same chip generations) are vulnerable; A12 and later are not.

Check Version:

Settings > General > About > Model Number, then map the model to its SoC. A device in DFU mode also reports its chip ID (CPID) in the USB serial string visible to the attached computer.

Verify Fix Applied:

Confirm the device uses an A12 or later SoC (iPhone XS/XR, released in 2018, and later). There is no software fix to verify on affected hardware.

📡 Detection & Monitoring

Log Indicators:

  • On managed workstations: USB enumeration of an Apple device (vendor ID 0x05AC) with product ID 0x1227, the ID presented in DFU mode, outside approved restore or maintenance workflows
  • A DFU-mode serial string containing a PWND:[checkm8] marker, which public tooling sets after the SecureROM has been exploited in the current boot session
  • MDM-reported unexpected reboots or restores of otherwise unmanaged devices (the device itself keeps no user-visible log of DFU entry)

Network Indicators:

  • None - purely local physical exploit

SIEM Query:

Host USB device logs where vendor ID is 0x05AC and product ID is 0x1227, or where the serial string contains "PWND:", on endpoints not designated for device restores
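The check described under "How to Verify" (mapping a device's chip ID to an affected SoC) and the detection logic above (flagging DFU-mode USB devices and the PWND marker) share the same parsing, so one added example covers both. This is illustrative code written for this page, not tooling from Apple or from the checkm8 researchers. The CPID-to-SoC table and the sample USB events are assumptions constructed for the example; the product IDs 0x1227 (DFU) and 0x1281 (recovery) and the KEY:VALUE layout of the DFU serial string are as observed on real devices.

```python
import re
from dataclasses import dataclass
from typing import Optional

APPLE_VID = 0x05AC
DFU_PID = 0x1227       # product ID presented by SecureROM's DFU USB stack
RECOVERY_PID = 0x1281  # recovery mode is served by iBoot, not SecureROM

# CPID (chip ID in the DFU serial string) -> SoC family.
# Assumed mapping taken from public DFU tooling, not from the advisory.
CPID_SOC = {
    0x8940: "A5", 0x8945: "A5X", 0x8950: "A6", 0x8955: "A6X",
    0x8960: "A7", 0x7000: "A8", 0x7001: "A8X",
    0x8000: "A9", 0x8003: "A9", 0x8001: "A9X",
    0x8010: "A10", 0x8011: "A10X", 0x8015: "A11",
    0x8020: "A12", 0x8027: "A12X", 0x8030: "A13",
}
# SoC generations whose SecureROM is affected by CVE-2019-8900 (A5 through A11).
CHECKM8_SOCS = {"A5", "A5X", "A6", "A6X", "A7", "A8", "A8X",
                "A9", "A9X", "A10", "A10X", "A11"}


@dataclass
class DfuFinding:
    serial: str
    soc: Optional[str]          # None if the CPID is not in the table
    vulnerable: Optional[bool]  # None if the SoC could not be identified
    pwned: bool                 # PWND marker present: SecureROM exploited this boot
    srtg: Optional[str]         # SecureROM build tag, e.g. iBoot-2696.0.0.1.33


def parse_dfu_serial(serial: str) -> DfuFinding:
    """Parse the KEY:VALUE serial string a DFU-mode device exposes over USB."""
    # Values are either a bare token or a bracketed string like [iBoot-...].
    fields = dict(re.findall(r"(\w+):(\[[^\]]*\]|\S+)", serial))
    cpid = int(fields["CPID"], 16) if "CPID" in fields else None
    soc = CPID_SOC.get(cpid) if cpid is not None else None
    vulnerable = (soc in CHECKM8_SOCS) if soc is not None else None
    srtg = fields.get("SRTG", "").strip("[]") or None
    pwned = "PWND" in fields
    return DfuFinding(serial, soc, vulnerable, pwned, srtg)


def scan_usb_events(events):
    """Return a DfuFinding for every event that is an Apple device in DFU mode.

    Recovery mode (0x1281) and normally booted devices are ignored: only the
    DFU product ID means SecureROM is the code talking on the bus.
    """
    return [parse_dfu_serial(e["serial"])
            for e in events
            if e["vid"] == APPLE_VID and e["pid"] == DFU_PID]


# Constructed sample USB enumeration events (not real captures).
SAMPLE_EVENTS = [
    {"vid": 0x05AC, "pid": 0x12A8,                      # iPhone booted normally
     "serial": "00008020-000A1B2C3D4E5F60"},
    {"vid": 0x05AC, "pid": 0x1281,                      # recovery mode (iBoot)
     "serial": "CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:0000000000000001 IBFL:3C"},
    {"vid": 0x05AC, "pid": 0x1227,                      # A10 in exploited DFU
     "serial": "CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:0123456789ABCDEF "
               "IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[checkm8]"},
    {"vid": 0x05AC, "pid": 0x1227,                      # A12 in clean DFU
     "serial": "CPID:8020 CPRV:11 CPFM:03 SCEP:01 BDID:0E ECID:FEDCBA9876543210 "
               "IBFL:3C SRTG:[iBoot-3865.0.0.4.7]"},
]

if __name__ == "__main__":
    for f in scan_usb_events(SAMPLE_EVENTS):
        print(f"{f.soc or '?':5} vulnerable={f.vulnerable} pwned={f.pwned} srtg={f.srtg}")
```

Run against a real host, the events would come from the OS USB subsystem (for example `system_profiler SPUSBDataType` on macOS); the alerting rule is any finding with vulnerable True on an endpoint not designated for restores, escalated immediately if pwned is True.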
