Millions of iPhones Have a Security Flaw That Apple Can Never Fix

A massive security flaw has just landed on millions of older iPhones and iPads, and Apple cannot do anything to patch it. The flaw, discovered by security research group Paradigm Shift, targets the A12 and A13 Bionic chips, exposing devices like the iPhone XS and the iPhone 11 series to deep-level security risks.

[Image: Apple A12 processor chip mounted on a densely populated circuit board]

Because the issue sits directly within the permanent hardware of the processor, it is entirely unpatchable. No matter how many software updates Apple sends out in the future, the physical vulnerability remains on the chip for life (via MacRumors).

The problem lies inside the BootROM, which is sometimes called the SecureROM. This is the very first bit of code that runs on an iPhone processor the absolute second it boots up.

When you build a microchip, this foundational code gets baked permanently into the silicon at the factory. It cannot be rewritten or modified later by a standard iOS software update. If a hacker finds a loophole here, they hold a permanent key to the device.

According to Paradigm Shift, the flaw involves the built-in USB controller on the microchip. When an iPhone connects to a computer via USB during its startup phase, the controller relies on a small slice of temporary memory called a buffer to handle incoming data packets.

The researchers discovered that by sending a specific, highly unusual sequence of very small data packets, they could trick the chip’s internal system. The process forces a hardware pointer to walk backwards through the phone’s memory. This opening allows external code to write data directly into protected memory zones where it should never be allowed to go.

The researchers confirmed that this is a hardware engineering oversight, not a mistake in Apple’s software code.

The following hardware lines are explicitly affected by the issue:

  • A12 Bionic Devices: iPhone XS, iPhone XS Max, iPhone XR, iPad Air (3rd generation), iPad mini (5th generation), and the iPad (8th generation).
  • A13 Bionic Devices: iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, and the iPhone SE (2nd generation).

Interestingly, older and newer phones are completely safe from usbliter8. The older A11 chip used in the iPhone X avoids the issue because its older USB driver manually resets the memory pointer after handling every single data packet.
