Security researchers find an unpatchable flaw burned into Apple's A12 and A13 chips

A Barcelona-based offensive security company has disclosed a permanent, unpatchable vulnerability hidden in the boot firmware of Apple's A12 and A13 processors — the chips that powered the iPhone XS, XR, and the entire iPhone 11 lineup. The flaw, dubbed usbliter8, resides in the device's SecureROM, the immutable code that runs first when an iPhone starts up. Because it is baked into hardware, Apple cannot patch it with any software update.

What the researchers found

Paradigm Shift, the firm behind the disclosure, found that usbliter8 enables an attacker to "potentially defeat and bypass further security checks" on affected devices. To trigger the vulnerability, an attacker needs physical possession of the iPhone, which must first be placed in DFU (Device Firmware Update) mode and connected via USB. There is no remote attack vector — this is not the kind of flaw that puts users at risk through a malicious website or app.
The practical limitation is that usbliter8 alone does not hand over the device. It needs to be chained with additional vulnerabilities to achieve a full compromise of user data. Think of it as cracking the front gate of a secured facility — an attacker still needs to pick the interior locks. For most consumers, the risk is low. For high-value targets or anyone whose device might fall into the hands of a state-level actor, the calculation is different.

Why a Boot ROM flaw is a bigger deal than most

Apple's security architecture begins at SecureROM. It is the root of the chain of trust that validates everything from the bootloader to the operating system. Software vulnerabilities can be patched in future updates; hardware vulnerabilities cannot. A permanent crack in this foundation changes the threat model for an affected device for as long as it is in use.
The affected chips — A12 (2018) and A13 (2019) — are no longer in production, and most iPhone users have moved on to newer hardware. But older iPhones remain in widespread use, particularly in enterprise and government environments where device refresh cycles are slow. Organizations still running iPhone XS, XR, or iPhone 11 models should treat this disclosure as a flag to accelerate hardware refresh planning.
Apple has not issued a public statement. The company generally does not comment on active security disclosures until it has an official response or patch to announce — though in this case, no patch is possible. Paradigm Shift released the research publicly, consistent with its offensive security research model, as first reported by TechCrunch.
Originally reported by TechCrunch. Read the original article for additional details.