New Unpatchable iPhone Exploit Targets Apple’s A12 and A13 Chips

Security researchers have disclosed a new hardware-level vulnerability affecting several older iPhone models, but the conditions required to exploit it mean the immediate danger to most users is limited.

European security research firm Paradigm Shift published technical details and proof-of-concept code for the exploit, named usbliter8, on June 18. The vulnerability affects Apple’s A12 and A13 processors and allows code to be executed during the earliest stage of a device’s startup process.

Affected iPhones include:

  • iPhone XS and iPhone XS Max
  • iPhone XR
  • iPhone 11, iPhone 11 Pro and iPhone 11 Pro Max
  • Second-generation iPhone SE

Apple’s specifications confirm that the second-generation iPhone SE and iPhone 11 family use the A13 Bionic chip.

Why the flaw cannot be patched

Usbliter8 targets the BootROM, also known as SecureROM, which contains the first instructions executed when an iPhone is switched on.

Unlike iOS and other software stored on the device, BootROM code is embedded in the processor during manufacturing. That means Apple cannot replace or repair the vulnerable code through a conventional operating system update.

The underlying weakness involves the USB controller used during the device’s startup and recovery processes. Paradigm Shift found that the controller accepts unusually small USB packets while continuing to adjust an internal memory pointer as though the packets were the expected size.

By sending a carefully constructed sequence of packets, an attacker can cause that pointer to move outside its intended memory area. This creates an opportunity to overwrite protected information and gain control of the device’s early boot process.

The researchers confirmed the flaw on A12 and A13 processors. Apple’s earlier A11 chip is not vulnerable because its software resets the relevant memory address after each packet, while A14 and newer processors configure additional memory protections that prevent the technique from working.
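The packet-size mismatch described above can be modelled in a few lines. The following is an added illustration written for this article, not Paradigm Shift's proof of concept or Apple's BootROM code: a toy receive handler whose write pointer advances by the expected packet size regardless of how many bytes arrived, beside a hardened variant whose pointer follows the bytes actually received. Buffer and packet sizes are constructed values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PKT_SIZE 64   /* full-size packet in this model (constructed value) */
#define BUF_LEN  256  /* transfer buffer length (constructed value) */

typedef struct {
    uint8_t buf[BUF_LEN];
    size_t  pos;        /* internal write pointer into buf */
    size_t  remaining;  /* bytes the transfer still expects */
} rx_state;

/* Vulnerable model: the write pointer advances by the expected packet size
 * even when fewer bytes arrived, so it drifts away from the byte count.
 * Returns false when a write would land past buf (nothing is written then). */
bool rx_packet_vulnerable(rx_state *s, const uint8_t *pkt, size_t len)
{
    if (len > PKT_SIZE || len > s->remaining || s->pos + len > BUF_LEN) return false;
    memcpy(s->buf + s->pos, pkt, len);
    s->remaining -= len;
    s->pos += PKT_SIZE;              /* bug: should advance by len */
    return true;
}

/* Hardened model: the pointer follows the bytes actually received, and a short
 * packet ends the transfer, so pointer and byte count can never diverge. */
bool rx_packet_fixed(rx_state *s, const uint8_t *pkt, size_t len)
{
    if (len > PKT_SIZE || len > s->remaining || s->pos + len > BUF_LEN) return false;
    memcpy(s->buf + s->pos, pkt, len);
    s->remaining = (len < PKT_SIZE) ? 0 : s->remaining - len;
    s->pos += len;
    return true;
}

/* Feeds a `total`-byte transfer as packets of `len` bytes through `rx`.
 * Returns the final write pointer, or -1 if any packet would have escaped buf. */
long run_transfer(bool (*rx)(rx_state *, const uint8_t *, size_t), size_t total, size_t len)
{
    rx_state s = { .pos = 0, .remaining = total };
    uint8_t pkt[PKT_SIZE] = {0};     /* constructed payload; contents are irrelevant */
    while (s.remaining > 0) {
        size_t n = len < s.remaining ? len : s.remaining;
        if (!rx(&s, pkt, n)) return -1;
    }
    return (long)s.pos;
}
```

With full-size packets both handlers fill the buffer exactly; with one-byte packets the vulnerable handler's pointer reaches the end of the buffer while the byte count says most of the transfer is still outstanding, which is the divergence the article describes.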

What an attacker could do

A successful exploit could allow an attacker to break part of Apple’s secure boot chain, temporarily reduce certain security restrictions and load unsigned boot software.

That makes the discovery potentially valuable for jailbreak development, device forensics and advanced security research. It could also provide a starting point for more complicated attacks against an iPhone in someone else’s possession.

However, usbliter8 does not by itself provide immediate access to every photograph, message, password or document stored on a device.

Apple’s Secure Enclave, which helps protect passcodes and encrypted user data, is not directly compromised by the exploit. Paradigm Shift warned that control of the BootROM could create new avenues for attempts against the Secure Enclave, but further vulnerabilities and techniques would still be required.

The vulnerability is permanent because it exists in the chip, but that does not necessarily mean every change made through the exploit remains active indefinitely. Some modifications are temporary, and an attacker may need to repeat parts of the process after a normal reboot.

Why most iPhone users face little immediate danger

The most important limitation is that usbliter8 is not a remote attack.

A criminal cannot use the published exploit simply by sending a text message, calling the phone or directing its owner to a malicious website. The attacker needs physical access to the iPhone, must connect equipment through USB and must interact with the device during its startup or Device Firmware Update process.

The A13 version is also substantially more difficult to exploit than the A12 implementation because it must work around Pointer Authentication, a security system intended to detect manipulated memory and control-flow data. Paradigm Shift’s researchers used a lengthy, multistage process to gain control of A13 devices.

These requirements make opportunistic attacks against ordinary users unlikely. The discovery is more relevant when an unlocked or valuable device has been stolen, seized, left unattended for an extended period or deliberately targeted by a highly capable adversary.

What affected users should do

Owners of affected iPhones do not need to stop using their devices solely because of the disclosure.

Keeping iOS updated remains important. An update cannot remove this specific BootROM flaw, but it can patch other weaknesses that an attacker might need to combine with it.

Users should also protect their phones with a strong passcode, enable Find My, avoid leaving devices unattended and act quickly if a phone is lost or stolen. People with unusually high security requirements, such as journalists, activists, executives or officials who may face targeted physical access, may wish to move to an iPhone using an A14 or newer processor.

Paradigm Shift reported the findings to Apple Product Security before publication and coordinated the disclosure with the company. The researchers said moving to newer hardware remains the most effective way to eliminate exposure completely.

Usbliter8 is an important technical breakthrough because it demonstrates that even comparatively recent generations of Apple’s secure startup code can contain permanent weaknesses. For the average iPhone owner, however, its need for physical access and specialist exploitation means it is currently more significant to researchers and forensic specialists than to everyday cybercriminals.
