Spyware firm reveals Apple chip flaw that could aid hacking of older iPhones

A cybersecurity company known for supplying spyware and hacking tools to government agencies has disclosed details of a vulnerability in Apple chips that could assist researchers and sophisticated hackers in unlocking older iPhone models.

The disclosure may enable security experts specialising in iOS vulnerabilities, including those working for governments and private contractors, to develop more effective methods of compromising iPhones.

By combining this flaw with additional vulnerabilities, researchers could potentially create a new iPhone jailbreak, allowing them to bypass Apple’s software restrictions and gain deeper access to the operating system.

While the revelation is significant within the cybersecurity community, it does not mean that older iPhones can now be easily hacked by the general public. Rather, it highlights the reality that even Apple’s highly secure devices remain vulnerable to determined and well-resourced attackers.

The vulnerability, dubbed “usbliter8”, was unveiled by Barcelona-based offensive cybersecurity firm Paradigm Shift. The company also released a proof-of-concept exploit demonstrating how the flaw can be abused.

However, exploiting the vulnerability requires physical access to the targeted device.

The flaw affects iPhones powered by Apple’s A12 and A13 chips, introduced in 2018 and 2019 respectively. These processors are found in devices such as the iPhone XS, iPhone XR and the iPhone 11 series.

According to Paradigm Shift, the vulnerability resides in the iPhone’s Boot ROM, the immutable code that runs when the device starts up and serves as one of its earliest security barriers. By exploiting this weakness, an attacker with physical access to the device could potentially bypass key security mechanisms and pave the way for further attacks.

The company noted that because the vulnerability exists in code permanently embedded within the chip, it cannot be fixed through software updates. As a result, upgrading to newer hardware remains the most effective way for affected users to protect themselves.

The disclosure is particularly relevant to companies that develop forensic tools for law enforcement agencies, such as Cellebrite and Magnet Forensics. Such firms rely on advanced techniques to gain access to locked devices and may already possess similar capabilities. Nevertheless, additional exploits would still be required to access data stored on affected iPhones.

Public iPhone jailbreaks were once common, but they have become increasingly rare over the past decade as Apple has strengthened its security measures.

Jailbreaking remains a valuable tool for researchers seeking to uncover further vulnerabilities, although many choose not to disclose their findings publicly, as doing so often results in Apple patching the weaknesses and reducing their research value.

Paradigm Shift did not respond to requests for comment regarding the usbliter8 vulnerability.