A New Unpatchable iPhone Vulnerability Has Been Discovered — Is Your Device at Risk?
If you're still using an older iPhone, there's a serious security concern you need to know about. Researchers have uncovered a new hardware-level vulnerability that affects iPhones powered by Apple's A12 and A13 chips — and the most alarming part is that Apple cannot patch it. Unlike software bugs that can be fixed through iOS updates, this flaw lives deep in the hardware itself, making it permanent for the affected devices.
The exploit, dubbed usbliter8, was discovered and detailed by researchers at Paradigm Shift. It joins a growing list of hardware-level iPhone exploits, including the well-known checkm8 and the more recent DarkSword, confirming that even Apple's tightly controlled ecosystem is not immune to low-level security threats.
What Is the usbliter8 Exploit?
The usbliter8 exploit is classified as a BootROM vulnerability. BootROM — short for Boot Read-Only Memory — is the very first code that runs when you power on an iPhone. It handles the initial startup sequence and is responsible for verifying the integrity of the rest of the software that loads afterward. Because it is stored in read-only memory and baked into the chip at manufacturing, it cannot be modified or updated after the fact.
Researchers at Paradigm Shift published an extensively detailed technical breakdown of the exploit, explaining that usbliter8 leverages two distinct weaknesses working in combination: a hardware bug found in the device's USB controller and a firmware configuration flaw. Together, these issues can be exploited to gain unauthorized access to an iPhone's startup process — effectively allowing an attacker to interfere with the device at its most fundamental level before any operating system protections have a chance to kick in.
Because the vulnerability exists in the BootROM itself — a component that is physically hardwired and not software-updateable — there is no patch Apple can release, no matter how quickly the company responds. The flaw is permanent in any device that ships with the affected chip design.
Which iPhones Are Affected?
The usbliter8 vulnerability affects iPhones running Apple's A12 and A13 Bionic chips. These chips powered some of Apple's most popular iPhone generations, meaning a very large number of devices currently in use around the world could be at risk. The affected models generally include:
- iPhone XS and iPhone XS Max (A12 Bionic)
- iPhone XR (A12 Bionic)
- iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max (A13 Bionic)
- Second-generation iPhone SE (A13 Bionic)
If your daily driver is one of these models, your device carries this vulnerability by design — and no iOS update will change that reality. It is worth noting that iPhones with newer processors, starting from the A14 Bionic and beyond, do not appear to be affected by this specific flaw.
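For anyone responsible for more than one phone, the model list above can be turned into an inventory check. The following is an added example, not code from the article or from Paradigm Shift: it assumes an MDM export in CSV form with hypothetical column names `serial`, `owner` and `product_identifier`, and the Apple product identifiers for the listed models are supplied here rather than taken from the article.

```python
import csv
import io
import re

# Product identifiers for the models the article lists (mapping added here,
# not from the article). Values are (marketing name, chip).
AFFECTED = {
    "iPhone11,2": ("iPhone XS", "A12"),
    "iPhone11,4": ("iPhone XS Max", "A12"),
    "iPhone11,6": ("iPhone XS Max", "A12"),
    "iPhone11,8": ("iPhone XR", "A12"),
    "iPhone12,1": ("iPhone 11", "A13"),
    "iPhone12,3": ("iPhone 11 Pro", "A13"),
    "iPhone12,5": ("iPhone 11 Pro Max", "A13"),
    "iPhone12,8": ("iPhone SE (2nd generation)", "A13"),
}
IDENT = re.compile(r"^iphone(\d+),(\d+)$", re.IGNORECASE)

# Constructed sample export; column names and serials are assumptions.
# Identifiers contain a comma, so a well-formed export quotes them.
SAMPLE_CSV = """\
serial,owner,product_identifier
SAMPLE-0001,alice,"iPhone12,1"
SAMPLE-0002,bob,"iPhone14,5"
SAMPLE-0003,carol," iphone11,8 "
SAMPLE-0004,dave,
SAMPLE-0005,erin,"iPhone12,8"
SAMPLE-0006,frank,iPhone 11
"""

def triage(csv_text):
    """Bucket inventory rows into affected, not_listed and needs_review."""
    result = {"affected": [], "not_listed": [], "needs_review": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        match = IDENT.match((row.get("product_identifier") or "").strip())
        if not match:
            # Blank or free-text model: never count it as clear by default.
            result["needs_review"].append(row["serial"])
            continue
        ident = f"iPhone{match[1]},{match[2]}"  # normalise case and spacing
        if ident in AFFECTED:
            model, chip = AFFECTED[ident]
            result["affected"].append((row["serial"], model, chip))
        else:
            result["not_listed"].append(row["serial"])
    return result

if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE_CSV).items():
        print(bucket, rows)
```

A device in `not_listed` is only one the article does not name; rows in `needs_review` have no usable identifier and should be checked by hand.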
How Does It Compare to Previous iPhone Exploits?
This isn't the first time iPhone hardware has been found vulnerable at the BootROM level. The checkm8 exploit, discovered in 2019, targeted a wide range of older iPhones from the iPhone 4S all the way through the iPhone X, affecting the A5 through A11 chips. It was similarly unpatchable and was widely used by the jailbreaking community as well as law enforcement forensic tools. DarkSword, a more recently surfaced exploit, showed that even beyond checkm8, Apple's hardware security posture continues to face challenges.
What makes usbliter8 particularly noteworthy is that it extends this class of unpatchable BootROM exploits further into newer hardware generations — specifically the A12 and A13 chips — chips that many people still rely on as their primary devices today. While checkm8's affected devices are now quite old and largely out of active use, A12 and A13 iPhones remain common, making this discovery significantly more relevant to the current user population.
Can Apple Do Anything About It?
The short and sobering answer is no. Because the vulnerability is rooted in the physical hardware design of the chip's USB controller and compounded by a firmware configuration issue, it falls outside the reach of any software or firmware update Apple could push. The company cannot retroactively redesign or replace the chip in devices that have already been manufactured and sold.
Apple has historically responded to BootROM vulnerabilities by fixing the chip design in subsequent processor generations. This is precisely how the company addressed checkm8: the A12, the chip that was used to fix checkm8, is ironically now the chip found vulnerable to usbliter8. Apple will likely address this latest vulnerability in future chip revisions, but existing A12 and A13 devices will remain permanently exposed.
What Can You Do to Stay Safe?
While the vulnerability is serious, it is important to understand that exploiting it in practice typically requires physical access to the device or very specific conditions. That said, users with affected iPhones should take the threat seriously, especially given the sensitive personal data most people store on their phones.
Here are practical steps to reduce your risk:
- Upgrade your device: The most definitive mitigation is switching to an iPhone with a newer chip, such as those running the A14 Bionic or later. This removes the vulnerable hardware entirely from the equation.
- Never leave your iPhone unattended: Since physical access is likely required for practical exploitation, keeping your device physically secure dramatically reduces risk.
- Use a strong passcode and enable full-device encryption: While this won't eliminate the BootROM vulnerability, layering additional security can make exploitation more difficult.
- Stay updated on iOS: Even if iOS updates can't patch this specific flaw, they address countless other vulnerabilities that could be chained together with hardware exploits.
- Monitor for suspicious activity: Be alert to any unusual behavior on your device that could indicate unauthorized access or tampering.
The Bigger Picture: Hardware Security in the Age of Long Device Lifespans
The discovery of usbliter8 raises important questions about the security of aging hardware in an era where people often hold onto their smartphones for four, five, or even six years. Software ecosystems like iOS are well-equipped to push security patches indefinitely, but hardware flaws represent a fundamentally different category of risk — one that no software update cycle can resolve.
For everyday users, the takeaway is clear: if you are still using an iPhone with an A12 or A13 chip and you store sensitive data on it, now is a very compelling time to consider upgrading to a newer model. Your data's security may depend on it.

