Unfixable: Security Researchers Discover Dangerous Vulnerability in Older iPhones
Security researchers have discovered a vulnerability in Apple's A12 and A13 chips that sits so deep in the hardware that it cannot be fixed via an update. This is particularly critical for four iPhone models.


Researchers from the security firm Paradigm Shift have found a flaw in the BootROM of Apple’s A12 and A13 chips, which are present in various iPhones, iPads, Apple Watches, and Apple TV devices. The issue is so deep that it cannot be resolved by Apple through a software update, they write. The BootROM is the first code an iPhone runs at boot, before any other software; it is hard-coded into the chip and cannot be changed. The flaw lies in the USB controller that Apple has integrated into its A12 and A13 chips. Attackers can manipulate the USB controller's buffer memory through specially crafted data packets. This allows access to memory areas that should be protected. In effect, this creates the risk that the entire device can be taken over.
Paradigm Shift has already published a proof of concept on GitHub. This utilizes a modified Waveshare USB-A board, from which a capacitor has been removed. The board is plugged into a Mac or PC, and the iPhone is connected via a Lightning cable. Other RP2350 boards can also be used for the attack, it was noted. The published code is not yet a complete jailbreak – a tool to bypass iOS restrictions. However, the researchers expect that such a jailbreak will follow soon.
The new vulnerability, dubbed “usbliter8,” is reminiscent of “checkm8,” a similar low-level vulnerability in older Apple chips. Like checkm8, it cannot be fixed via a software update and allows for permanent jailbreaks. The new vulnerability now affects the next generation of Apple processors. To execute the hack, however, the iPhone must be in the attacker’s possession.
Affected Devices
The vulnerability affects all devices with A12 and A13 chips as well as the Apple Watch processors S4 and S5 (from Series 4 and 5, as well as the first-generation SE). The researchers suspect that the A12X and A12Z are also vulnerable, but this has not yet been proven. The older A11 chip does not have this issue. Four of the affected iPhone models are still supported by Apple with iOS 27: iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, and iPhone SE (second generation).
The A12 is also found in iPhone XS, XS Max, and XR. For iPads, the affected models are the fifth-generation iPad mini, the third-generation iPad Air, and the eighth-generation iPad. The second-generation Apple TV 4K also uses the A12. The A13 is found in the standard ninth-generation iPad and the first-generation Apple Studio Display.
For iPads that can be updated to iPadOS 27, three models are affected: the ninth-generation iPad and both iPad Pro models from March 2020. The A12X and A12Z chips are in the 11-inch iPad Pro (first and second generation) and the 12.9-inch iPad Pro (third and fourth generation). Apple also used them in the so-called Developer Transition Kit, which allowed developers to test software for the first Apple Silicon chips in the Mac.
What Users Can Do
Since the vulnerability lies in unchangeable code, it cannot be fixed via an update. The researchers recommend that affected users switch to newer hardware as the most effective countermeasure. As mentioned, physical access to the device is required to exploit the vulnerability. An attacker must connect the iPhone via cable to special hardware. Remote attacks over the internet are not possible.
According to Paradigm Shift, Apple is not directly responsible for the vulnerability. The flaw lies in the USB controller from the manufacturer Synopsys, specifically in the DWC2 series. Apple integrates these controllers into its system-on-chip modules, which contain not only the main processors but also the RAM and graphics chips. Bypassing the security measures is reportedly somewhat more difficult with the A13 than with the A12. However, the researchers have developed successful exploits for both chip generations.
