A vulnerability in the Boot ROM of some Apple devices can be exploited by an unauthenticated local malicious user to execute arbitrary code upon booting those devices. The Boot ROM, which is located within the processor, contains the first code executed by the processor upon booting the device. Because the Boot ROM is read-only, it cannot be patched with a firmware update.Apple devices that implement processing chips A5 through A11 are vulnerable. This corresponds to iPhone models 4S through X; additionally, certain models of iPad, Apple Watch, iPod Touch, and Apple TV are vulnerable. See the Malwarebytes blog entry for a full list of affected devices. Further details about the vulnerability are available in Ars Technica's interview with the vulnerability's discoverer.