A newly disclosed hardware vulnerability has raised concerns among users of older Apple devices. Cybersecurity researchers at Paradigm Shift have identified a flaw known as “usbliter8” that affects several iPhone, iPad, and Apple Watch models powered by Apple’s A12, A13, S4, and S5 chips. What makes the discovery particularly significant is that the vulnerability cannot be fixed through a software update.
Which iPhones Are Affected?
According to the researchers, the vulnerability impacts devices powered by Apple’s A12 and A13 processors. This includes:
- iPhone XS
- iPhone XS Max
- iPhone XR
- iPhone 11
- iPhone 11 Pro
- iPhone 11 Pro Max
- iPhone SE (2nd Generation)
Several iPad and Apple Watch models using related chipsets are also vulnerable.
What Is the ‘usbliter8’ Vulnerability?
The flaw exists within the USB controller and firmware of the affected chips. Researchers found that the controller does not properly reset memory addresses between data transfers. As a result, an attacker with physical access to the device can inject unauthorised code into protected memory areas.
This could allow the device to be jailbroken before iOS fully loads, bypassing many of Apple’s built-in security protections. Once exploited, attackers may be able to run unauthorised software or access sensitive information stored on the device.
Why Apple Cannot Fix It
Unlike traditional software bugs, usbliter8 is rooted in the hardware design itself. Because the vulnerability exists at the chip level, Apple cannot eliminate it through an iOS update or security patch. This is why researchers describe the flaw as “unpatchable.”
Apple was reportedly informed about the issue before public disclosure and worked with researchers during the responsible disclosure process.
How Serious Is the Threat?
The good news is that the vulnerability cannot be exploited remotely. Attackers need physical possession of the device and specialised equipment to carry out the attack. This significantly reduces the risk for everyday users.
However, the flaw could be problematic in situations involving lost, stolen, seized, or confiscated devices. In such cases, attackers may have enough time and access to exploit the vulnerability.
What Should Users Do?
Security experts recommend maintaining strong device security practices, including using a strong passcode, enabling encryption, and ensuring devices are not left unattended. For users handling highly sensitive data, migrating to newer hardware may be the safest long-term option.
Researchers note that devices powered by Apple’s A14 chip and newer processors are not affected by the vulnerability. This includes more recent iPhone models released after the iPhone 11 generation.
The Bigger Picture
The discovery highlights an important challenge in modern cybersecurity: not every vulnerability can be fixed with a software update. While Apple’s security architecture remains among the strongest in the industry, hardware-level flaws can persist throughout a device’s lifespan.
For most users, there is no immediate reason to panic. Since the attack requires physical access and technical expertise, the practical risk remains limited. Nevertheless, the finding serves as a reminder that hardware security is just as important as software security in protecting modern smartphones.
