Security researchers at Paradigm Shift have disclosed a severe flaw they call usbliter8, and unlike a typical iOS bug it is baked into the processor hardware itself. Because the problem sits inside the silicon of older Apple chips, it cannot be fixed with a software update and is considered effectively permanent on affected devices.
Paradigm Shift says it worked with Apple before publishing its findings. The flaw affects a wide range of devices still in everyday use, including the iPhone XR, iPhone XS, iPhone 11 and the low-cost iPhone SE models. It also applies to the iPad Air 3, iPad mini 5 and ninth-generation iPad, as well as the Apple Watch Series 4 and 5 and the HomePod mini. The researchers expect that the 2018 and 2020 iPad Pro models are affected as well.
To exploit the issue, an attacker needs physical possession of the device and must connect it over USB while it is in a special boot state. The attacker then sends a specific sequence of data that confuses the USB controller, causing memory to be written incorrectly. That corruption can let the attacker bypass Apple's normal boot protections and run their own code before iOS itself starts. Because physical access and a USB connection are required, the risk is to devices an attacker can actually get their hands on, not to phones attacked remotely.
The researchers stressed that the flaw does not give access to the processor's Secure Enclave, so passcodes, fingerprints, Face ID and encrypted personal data remain protected while the phone is locked. Still, they said the only way to be fully protected is to move to a newer device. They also noted that a similar vulnerability was previously used to build jailbreak tools for older iPhones, and they expect that may happen again.