European offensive cybersecurity firm Paradigm Shift has released details of a critical vulnerability in Apple's A12 and A13 chips, paving the way for potential jailbreaks on older iPhones. The flaw, dubbed 'usbliter8', resides in the Boot ROM, the first code executed when an iPhone boots and its primary defense against attackers. Because the Boot ROM is burned into the chip, the vulnerability is unpatchable, leaving affected devices permanently exposed. This includes iPhones XS, XR, and iPhone 11, which use these processors.
According to a blog post published on Friday, the flaw can be exploited with physical access to the device by connecting a cable. Paradigm Shift released a proof of concept demonstrating how to bypass subsequent security checks, potentially leading to full control over iOS. While not a remote attack, it poses a serious risk if an attacker gains physical possession of an unlocked device. The company emphasized that since the vulnerability is in immutable code, upgrading to newer hardware is the only effective mitigation.
Sponsored Protocol
Attack mechanism and affected devices
The exploit targets a weakness in the Boot ROM of Apple's A12 (2018) and A13 (2019) chips. These chips power devices like the iPhone XS, XR, and iPhone 11. Paradigm Shift noted that because the Boot ROM cannot be modified, Apple cannot issue a software patch. This means users of these phones are permanently vulnerable unless they switch to newer models. In the security research community, the release of 'usbliter8' is significant because it provides a starting point for developing complete jailbreaks. However, accessing encrypted user data still requires chaining additional vulnerabilities. Companies like Cellebrite and Magnet Forensics likely already have similar techniques for law enforcement, but public disclosure may spur a race among governments and contractors to build full exploits.
Sponsored Protocol
Market impact and advice for users
The news comes as Apple faces chip shortages driving up iPhone 17 prices, as reported in this article, and prepares for the Apple Watch Ultra 4 launch in September. For users of iPhone XS, XR, and 11, upgrading to a newer model is strongly advised. Physical security measures, such as strong passcodes and full-disk encryption, can deter opportunistic attacks. Public iPhone jailbreaks have become rare in the last decade because researchers have little incentive to release vulnerabilities that Apple would then fix. However, 'usbliter8' could change that dynamic. For more background on Boot ROMs, see Wikipedia's entry.
Sponsored Protocol
Ultimately, this vulnerability underscores that hardware flaws are the hardest to defend against. While limited to older devices, it serves as a reminder that no system is impenetrable. Paradigm Shift's disclosure highlights the ongoing cat-and-mouse game between Apple and security researchers. For now, the safest bet for affected users is to move to newer hardware.
