New exploit can unlock older iPhones, Apple cannot patch it

A hardware flaw in older iPhones can let attackers run unsigned code at startup and alter the device’s boot process, and Apple cannot repair it with a software update. The exploit, called usbliter8, affects devices with A12 and A13 chips, including the iPhone XS, iPhone XS Max, iPhone XR, iPhone 11, and iPhone 11 Pro, as well as some iPads and Apple Watches. Because the bug sits in immutable BootROM and SecureROM code burned into silicon, the only real fix is moving to newer hardware.

The practical risk is not a remote phishing campaign. Paradigm Shift said exploitation requires physical access and Device Firmware Update, or DFU, mode, which means an attacker has to get hands on the device. That makes the flaw most relevant in theft, border inspection, repair-shop tampering, or other situations where an iPhone, iPad, or Apple Watch can be handled directly. In proof-of-concept form, the exploit can load unsigned code during boot, bypass signature checks for custom iBoot images, change DFU behavior, and mark compromised devices with the PWND string used in jailbreak circles.

Apple’s own security design still matters here, but only up to a point. Apple says secure boot starts in immutable Boot ROM and that the Secure Enclave is isolated from the main processor to protect sensitive data even if the application processor is compromised. Paradigm Shift said the flaw does not directly break into the Secure Enclave Processor, which guards passcodes and encryption keys, but it does punch a hole in the device’s trust chain at the earliest stage of startup.

Security researchers are already comparing usbliter8 with checkm8, the 2019 unpatchable BootROM exploit that affected A5 through A11 devices. The parallel is stark: once the vulnerable code is fixed in silicon, software updates cannot remove it. Paradigm Shift said it disclosed the issue to Apple before publishing its findings and coordinated the release.

For users of affected hardware, the response is about reducing exposure, not waiting for a patch. Keep the device physically secure, use a strong passcode, enable Find My and activation lock, and avoid handing the phone to unknown repair technicians or leaving it unattended in places where it can be seized. For people who face a higher risk of hands-on access by a determined adversary, upgrading to newer hardware is the only meaningful way to close the door.