
Cybersecurity company Paradigm Shift has disclosed a vulnerability in older Apple chips that could help researchers develop jailbreaks and forensic tools for affected iPhones and other devices.
The flaw, named “usbliter8,” affects Apple’s A12 and A13 processors, which were introduced in 2018 and 2019. It requires an attacker to have physical possession of the device and does not, by itself, provide a complete method for accessing a user’s stored information.
Flaw Affects the Device Startup Process
The vulnerability exists in the Boot ROM, the first code that runs when an Apple device starts. This early component verifies software before the operating system loads, making it an important part of Apple’s security architecture.
Paradigm Shift said the flaw could allow researchers to run unauthorised code during the startup process and bypass some later security checks. However, additional vulnerabilities and techniques would still be required to unlock a protected device or retrieve its data.
Affected phones include the iPhone XS, XS Max, XR, second-generation iPhone SE, and the iPhone 11 series. Some iPads, Apple Watches, Apple TV devices, and HomePod models using related processors may also be affected.
The company published its technical disclosure alongside a proof-of-concept intended for security research. Paradigm Shift said it notified Apple before publication and thanked the company for its response and cooperation.
Apple has not issued a separate public advisory or confirmed whether it plans additional protections within iOS.
Software Updates Cannot Replace the Boot ROM
Unlike most security flaws, the underlying Boot ROM code is permanently built into the processor during manufacturing. Apple cannot directly replace that code through a conventional software update.
Apple could still introduce software protections that make related attacks more difficult. Users should continue installing the latest Apple security updates because they address other vulnerabilities that could potentially be combined with a hardware flaw.
Paradigm Shift said moving to newer hardware remains the most effective way to avoid the issue. Devices using Apple’s A14 processor or later are not included in the company’s disclosed list.
Physical Access Limits the Immediate Risk
The vulnerability cannot be triggered remotely through a website, message, or application. An attacker would need physical access to the device and specialised equipment.
That limitation reduces the risk for most consumers, but the flaw may be significant for lost, stolen, or seized devices. Companies that provide forensic tools to government and law-enforcement agencies often combine several vulnerabilities to access locked phones.
Public iPhone jailbreaks have become less common as Apple’s security has improved and researchers have gained stronger financial incentives to keep valuable vulnerabilities private.
