A cybersecurity company known for developing spyware and hacking tools for government agencies has disclosed details of a vulnerability affecting older Apple iPhones, potentially opening new opportunities for security researchers to explore iOS exploits and jailbreak techniques.
Barcelona-based offensive security firm Paradigm Shift revealed the flaw, dubbed “usbliter8,” in a blog post published on Friday. The company also released a proof-of-concept exploit demonstrating how the vulnerability can be used. Exploiting the flaw requires physical access to the target device.
The vulnerability affects iPhones powered by Apple’s A12 and A13 chips, which were introduced in 2018 and 2019. Devices impacted include models such as the iPhone XS, iPhone XR and iPhone 11.
While the disclosure has attracted attention within the cybersecurity community, it does not mean affected iPhones can now be easily hacked. Instead, the vulnerability provides a valuable building block that researchers could potentially combine with other exploits to gain deeper access to Apple’s mobile operating system.
The flaw targets the iPhone’s Boot ROM, the first code executed when the device powers on. As one of the phone’s earliest security layers, the Boot ROM plays a critical role in preventing unauthorized access. Because it is permanently embedded in the hardware, vulnerabilities discovered within it cannot be fixed through software updates.
According to Paradigm Shift, users of affected devices should consider upgrading to newer hardware, as replacing the device remains the most effective way to mitigate the risk. The company noted that flaws residing in immutable code are effectively permanent for the lifespan of the affected chip.
The release of usbliter8 could also prove useful to researchers working on iPhone jailbreaks. Jailbreaking removes Apple’s software restrictions and grants deeper control over the device, but public jailbreaks have become increasingly rare as Apple has strengthened iPhone security over the years.
Companies that specialize in unlocking seized smartphones for law enforcement, such as Cellebrite and Magnet Forensics, likely already possess similar capabilities. However, additional vulnerabilities would still be required to gain access to user data stored on modern iPhones.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Although Apple has significantly improved the security of its devices, the disclosure serves as a reminder that even highly secure hardware can contain vulnerabilities that skilled researchers and attackers may eventually uncover.
