Unpatchable Apple Chip Vulnerability Could Enable iPhone Jailbreaks on Older Devices.
A newly disclosed hardware flaw in Apple A12 and A13 chips could help researchers develop iPhone jailbreaks on older devices. Learn which iPhones are affected, how the exploit works, and why software updates cannot fix it.
A cybersecurity company that develops spyware and hacking tools for government agencies has disclosed details of a vulnerability affecting Apple chips that could potentially help researchers unlock older iPhone models.
The disclosure creates new opportunities for security researchers who specialise in identifying iOS vulnerabilities, including those working for governments and private contractors, to build more advanced iPhone exploits by combining this flaw with additional vulnerabilities. Such a chain of exploits could ultimately contribute to the development of an iPhone jailbreak, allowing researchers to bypass Apple’s software restrictions and gain deeper access to the operating system.
The discovery also serves as another reminder that although Apple has significantly strengthened iPhone security over the years, highly skilled attackers continue to identify vulnerabilities that can be exploited under the right circumstances.
On Friday, Barcelona-based offensive cybersecurity firm Paradigm Shift published technical details of the vulnerability, which it has named “usbliter8.” The company also released a proof of concept demonstrating how the flaw can be exploited. However, the attack requires physical access to the target device.
The vulnerability affects iPhones powered by Apple’s A12 and A13 processors, introduced in 2018 and 2019 respectively. The A12 is found in the iPhone XS and iPhone XR; the A13 powers the iPhone 11 lineup (and, although the post does not list it, the 2020 second-generation iPhone SE, which uses the same chip).
While the release of usbliter8 is considered significant within the security research and commercial hacking community, it does not mean that anyone can easily compromise these older iPhones.
According to Paradigm Shift, the flaw exists within the iPhone’s Boot ROM, the first code executed when the device powers on and the root of its chain of trust: nothing verifies the Boot ROM itself, while the Boot ROM verifies the next stage it loads, which in turn verifies the stage after that. Attackers who physically possess a device therefore typically need to compromise the Boot ROM before attempting further attacks, because code running at that point executes before any of the later integrity checks. The usbliter8 exploit provides a method to gain that initial foothold, potentially allowing additional security protections to be bypassed through further exploit chains.
In its blog post, Paradigm Shift noted that because the vulnerability exists within immutable code permanently embedded in the chip, upgrading to newer hardware remains the most effective way for affected users to protect themselves.
In practical terms, the Boot ROM is mask ROM fixed in the silicon during manufacturing, not rewritable flash, so a flaw in it cannot be corrected by any iOS or firmware update; the only remedy is a device built on a later chip.
Companies that produce forensic tools used by law enforcement agencies, including Cellebrite and Magnet Forensics, generally rely on techniques similar to usbliter8 to gain access to locked iPhones seized during investigations. Even so, exploiting the Boot ROM alone is insufficient: user data is encrypted under keys derived from the passcode and a per-device secret held inside the Secure Enclave, and a Boot ROM exploit on the application processor yields neither. Additional vulnerabilities are typically required before data stored on the device can be accessed.
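The two points above (the Boot ROM as the unverified root of the chain of trust, and a compromised chain still not yielding encrypted user data) can be shown with a small model. This is an added illustration, not Apple's boot code and not Paradigm Shift's proof of concept; it assumes, for simplicity, that each stage pins a SHA-256 digest of the next instead of checking a public-key signature, that the per-device UID is a constant rather than a secret fused into the Secure Enclave, and that encryption is an HMAC-based XOR stream with an HMAC tag rather than AES. Stage names, images and the sample data are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Added illustration, not Apple's boot code and not the usbliter8 proof of
# concept. Assumptions: stage-to-stage trust is a pinned SHA-256 digest rather
# than a public-key signature; DEVICE_UID is a constant rather than a secret
# fused into the Secure Enclave; the cipher is a toy HMAC/XOR stream, not AES.


@dataclass
class Stage:
    name: str
    code: bytes
    next_digest: bytes = b""  # digest this stage will accept for the stage it loads


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_chain(rom: bytes, iboot: bytes, kernel: bytes) -> list:
    """Pin each stage's digest into the stage that loads it (done at build time)."""
    return [
        Stage("BootROM", rom, next_digest=digest(iboot)),
        Stage("iBoot", iboot, next_digest=digest(kernel)),
        Stage("kernel", kernel),
    ]


def boot(chain: list, rom_exploited: bool = False):
    """Walk the chain from the Boot ROM.

    Returns (names of stages that ran, True if every hand-off was verified).
    The Boot ROM runs unconditionally: nothing verifies it, which is why a flaw
    there cannot be recovered from by anything that runs later.
    """
    executed = []
    attacker_in_control = rom_exploited
    prev = None
    for stage in chain:
        if prev is not None and not attacker_in_control:
            if digest(stage.code) != prev.next_digest:
                return executed, False  # genuine loader refuses the image and halts
        # An attacker-controlled loader skips the check and loads whatever it
        # likes, so control persists down the rest of the chain.
        executed.append(stage.name)
        prev = stage
    return executed, not attacker_in_control


# --- Data Protection side: the boot chain never holds the user's passcode ---

DEVICE_UID = b"constructed-uid-stand-in"  # constructed; the real UID never leaves the SEP


def class_key(passcode: str) -> bytes:
    """Passcode entangled with the hardware UID; the iteration count slows guessing."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), DEVICE_UID, 100_000)


def _keystream(key: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy authenticated encryption: XOR stream plus an HMAC tag over the ciphertext."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, "sha256").digest()


def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key (that is, the passcode) is wrong."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, len(ct))))


if __name__ == "__main__":
    genuine = build_chain(b"rom-v1", b"iboot-v1", b"kernel-v1")
    print("genuine chain:", boot(genuine))
    tampered = build_chain(b"rom-v1", b"iboot-v1", b"kernel-v1")
    tampered[1].code = b"iboot-patched"
    print("patched iBoot, no ROM exploit:", boot(tampered))
    print("patched iBoot, ROM exploited:", boot(tampered, rom_exploited=True))
    blob = seal(class_key("1234"), b"constructed user data")
    print("dumped blob, wrong passcode:", open_sealed(class_key("0000"), blob))
    print("dumped blob, right passcode:", open_sealed(class_key("1234"), blob))
```

The three `boot` runs show the asymmetry the article describes: a patched iBoot is rejected by a genuine Boot ROM, but once the Boot ROM itself is under attacker control every later check is skipped. The `seal`/`open_sealed` pair shows why that is still not enough: with the chain compromised the attacker can dump the sealed blob, but without the passcode the derived key is wrong and the data stays unreadable, which is where the additional vulnerabilities the forensic vendors need come in.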
Publicly available iPhone jailbreaks were relatively common several years ago but have become increasingly rare over the past decade as Apple has strengthened its security architecture. Jailbreaking remains an important step for many security researchers investigating additional iOS vulnerabilities. However, researchers who discover valuable exploits often have little incentive to release them publicly, as doing so would allow Apple to patch related vulnerabilities and reduce the long-term value of their research.