
Unpatchable iPhone flaw found across multiple generations

Summary

– Researchers discovered “usbliter8,” an unpatchable hardware and firmware flaw in Apple devices using A12, A13, S4, and S5 chips that affects USB functionality.
– The exploit requires physical access to the device and works by sending data over USB in DFU mode to inject code before iOS boots.
– Affected models include iPhone XR, XS, 11 series, SE, several iPads, second-gen Apple TV 4K, Studio Display, and Apple Watch Series 4, 5, and SE.
– The Secure Enclave, which stores sensitive user data such as passcodes, is not compromised by this exploit.
– Apple recommends upgrading to a newer device as the most effective fix, and the bug does not affect devices with A11 chips.

Researchers from Paradigm Shift have released a comprehensive analysis detailing an unpatchable hardware vulnerability affecting multiple generations of Apple devices. Dubbed “usbliter8”, this security flaw is rooted in the USB controller and certain Apple silicon chips, making it impossible to fix through software updates alone.

The usbliter8 exploit targets devices powered by A12, A13, S4, and S5 chips. This includes a wide range of hardware: iPhone XR, iPhone XS and XS Max, iPad Air 3, iPad mini 5, iPad 8, second-generation Apple TV 4K, iPhone 11 series, iPhone SE, iPad 9, Studio Display, and Apple Watch Series 4, Series 5, and SE. Owners of these devices should understand the risk and why a simple patch won’t solve it.

At its core, the issue combines a hardware-level bug in the USB component with a firmware configuration flaw. Because the vulnerability is baked into the silicon, Apple cannot issue a fix via iOS or watchOS updates. However, there is a critical limitation: an attacker must have physical access to the device to exploit it.

When a device is placed in DFU mode, a malicious actor can send specially crafted data over USB. This confuses the USB controller, causing it to write data to an unintended memory location. The result is that custom code can be injected before iOS even begins to boot, allowing the attacker to bypass signature checks and run modified system software without detection.

The good news is that the Secure Enclave remains untouched. This dedicated hardware component stores encrypted data such as passcodes, biometric information, and other sensitive user credentials, so those remain protected even if the exploit is successfully executed.

So what should affected users do? Researchers noted that Apple collaborated with them during the investigation, but the only truly effective mitigation is to upgrade to a newer device. Because the exploit requires physical access, the scenario to plan for is a lost or stolen handset: the safest way to protect your data in that case is to be using hardware that is not susceptible to this flaw. Interestingly, older devices running A11 chips and earlier are not affected, meaning some legacy models may actually be more secure in this specific scenario.

(Source: GSMArena.com)
