The first unpatchable iPhone exploit in six years targets chips still running Apple's latest iOS

Daniel Sims

In context: Unpatchable, hardware-level vulnerabilities caused a stir some years ago when they repeatedly turned up in AMD and Intel processors, but they've been far rarer on Apple chips. This latest discovery only affects older iPhone processors, but it still shows that even relatively recent SecureROM implementations aren't foolproof.

Security researchers at Paradigm Shift have published the first iPhone bootROM exploit in years. The process, called usbliter8, targets a hardware-level flaw, which means upgrading to newer hardware is the only real fix.

The exploit affects the iPhone XS's A12 chip, the Apple Watch Series 4's S4 chip, and the iPhone 11's A13 SoC. The S5, found in the Apple Watch Series 5, first-generation SE, and HomePod mini, is vulnerable too. Pulling it off requires physical access and a Raspberry Pi, since the flaw sits in a part of the USB controller that standard Mac and PC USB stacks can't reach.

A12 and A13 are exposed because of how their USB controllers mishandle data packets, leaving SRAM contents insecure. Earlier SoCs avoid the issue because they reset the DMA address after each packet passes through the USB controller, and A14 and newer are also safe, having corrected the underlying configuration.

Using the exploit to jailbreak devices is fairly simple on A12, S4, and S5 chips. A13 is trickier, since SecureROM's PAC protections add extra steps, but it's ultimately just as vulnerable as its predecessor. The flaw can't be patched via software, and altered firmware survives reboots.

While most devices built on these chips have been considered obsolete for years, the iPhone 11, which runs on the A13, happens to be the oldest iPhone that supports iOS 26. Apple isn't dropping it for iOS 27 this fall, either, so it's guaranteed at least another year of software updates.

The last unpatchable iPhone jailbreak, checkm8, surfaced in 2019 and covered the A5 (iPhone 4S) through A11 (iPhone X). It later resurfaced as a way to bypass the security chips on some Macs. Together, the two exploits leave every iPhone from the 4S through the 11 open to an unpatchable jailbreak.

A fundamentally similar bootROM exploit recently surfaced for Microsoft's Xbox One, a console long considered unhackable. But getting it to work proved far harder than on iPhones, requiring a voltage-based hijack to pull off.

> Pulling it off requires physical access and a Raspberry Pi, since the flaw sits in a part of the USB controller that standard Mac and PC USB stacks can't reach.
In other words, this is a flaw that almost no one needs to worry about. It only applies if you think someone will try to target your phone via physical access. Some examples of others taking advantage of the flaw would be police trying to collect evidence to prosecute you or someone personally trying to hack your phone for political/corporate espionage.
 
> In other words, this is a flaw that almost no one needs to worry about. It only applies if you think someone will try to target your phone via physical access. Some examples of others taking advantage of the flaw would be police trying to collect evidence to prosecute you or someone personally trying to hack your phone for political/corporate espionage.
This is basically meant for jailbreaking old iPhones… A public tool hasn’t been released yet, but I’m sure it’s only a matter of time.
 
> Alas, my wife bricked my 11 and I have the 15 pro max now…
No one outside Apple fanboys is interested in what device you are using.

It simply seems Apple rots people's brains as they always have to mention what device they are using. No matter if it has any context or not. Seen this IRL too.

I'm using an Android phone so this bug has no effect on me. Now every Android user should also post this is not their problem :)
 
> Only incompetent people make such claims as "unpatchable". There's no such thing.
If it's a hardware flaw then the only way to fix it is by issuing new hardware.
Apple can't and won't do that to years-old phones. There is no software or firmware that can fix a hardware flaw.
 
> No one outside Apple fanboys is interested in what device you are using.
Nothing to do with “fanboy”… I happen to own Apple devices because they have superior performance and hold their value better than any other device.
> It simply seems Apple rots people's brains as they always have to mention what device they are using. No matter if it has any context or not. Seen this IRL too.
The article is about an Apple exploit - and it affects specific devices only!
> I'm using an Android phone so this bug has no effect on me. Now every Android user should also post this is not their problem :)
I believe it’s YOU mentioning your device for no reason… why are you even posting here??!?
 
> Nothing to do with “fanboy”… I happen to own Apple devices because they have superior performance and hold their value better than any other device.
Exactly what I meant. Apple fanboys always tend to tell how "superior" Apple products are. What fanboys have a tendency to do the same?
> The article is about an Apple exploit - and it affects specific devices only!
Exactly. And everyone is interested in what device YOU or your wife owns? So yeah, everyone should post here if they have or do not have an Apple phone that is affected. Very interesting, yeah?
> I believe it’s YOU mentioning your device for no reason… why are you even posting here??!?
Why are YOU posting? You said you have no phone that is affected by this bug. Guess what? I don't have one either. Happy now?
 
> Exactly what I meant. Apple fanboys always tend to tell how "superior" Apple products are. What fanboys have a tendency to do the same?
>
> Exactly. And everyone is interested in what device YOU or your wife owns? So yeah, everyone should post here if they have or do not have an Apple phone that is affected. Very interesting, yeah?
>
> Why are YOU posting? You said you have no phone that is affected by this bug. Guess what? I don't have one either. Happy now?
Who cares why he posted? He doesn’t have to meet your standards. Just don’t like his post if you found it useless and boring, and move on. From this, it seems you’re arguing because his behavior fits whatever stereotype you have in your head about “Apple fanboys” and you dislike Apple as a brand:
> It simply seems Apple rots people's brains as they always have to mention what device they are using. No matter if it has any context or not. Seen this IRL too.
I have an iPhone too and didn’t mention which device I own. So your statement is wrong. Funny though, it took so little to trigger you. If you keep reacting this way, people might reply to your comments specifically with the intention of baiting you.
 
> Who cares why he posted? He doesn’t have to meet your standards. Just don’t like his post if you found it useless and boring, and move on. From this, it seems you’re arguing because his behavior fits whatever stereotype you have in your head about “Apple fanboys” and you dislike Apple as a brand:
>
> I have an iPhone too and didn’t mention which device I own. So your statement is wrong. Funny though, it took so little to trigger you. If you keep reacting this way, people might reply to your comments specifically with the intention of baiting you.
Yeah, that just proves that if Apple fanboys have nothing to say, they must say they have an Apple device. Have any example of another brand that people tend to promote all the time? Other than Apple? Right.

Also posts like:

- I have an Apple device
- I had an Apple device
- I do not have an Apple device
- I have a Samsung device
- I only use Android

Pretty much add nothing to the thread. See, it's not good discussion if people just say what they own. And this Apple fanboy had nothing to say, so of course he had to say he owns Apple. Prime example of what I mean.
 
> Yeah, that just proves that if Apple fanboys have nothing to say, they must say they have an Apple device. Have any example of another brand that people tend to promote all the time? Other than Apple? Right.
>
> Also posts like:
>
> - I have an Apple device
> - I had an Apple device
> - I do not have an Apple device
> - I have a Samsung device
> - I only use Android
>
> Pretty much add nothing to the thread. See, it's not good discussion if people just say what they own. And this Apple fanboy had nothing to say, so of course he had to say he owns Apple. Prime example of what I mean.
OK, I'm kind of annoyed by you now - usually you just troll this site saying how AMD is superior in every way... why are you angry at Apple owners now?

This article was specifically written about Apple - and how there is an exploit for SPECIFIC devices. As an Apple device owner, why would me posting about which device I own not be relevant here?

On the other hand, YOU posting about owning an Android and bashing "Apple Fanboys" is completely IRRELEVANT to this thread. How about you go find another AMD article to laud your praise on?
 
> Yeah, that just proves that if Apple fanboys have nothing to say, they must say they have an Apple device. Have any example of another brand that people tend to promote all the time? Other than Apple? Right.
>
> Also posts like:
>
> - I have an Apple device
> - I had an Apple device
> - I do not have an Apple device
> - I have a Samsung device
> - I only use Android
>
> Pretty much add nothing to the thread. See, it's not good discussion if people just say what they own. And this Apple fanboy had nothing to say, so of course he had to say he owns Apple. Prime example of what I mean.
Again, I ask, who cares why he posted that? You’re proving yourself to be an Apple hater lol. There are haters of lots of brands and they’re usually either just as obsessed as fanboys or generally mean people who must vent about whatever they dislike.
 
> OK, I'm kind of annoyed by you now - usually you just troll this site saying how AMD is superior in every way... why are you angry at Apple owners now?
>
> This article was specifically written about Apple - and how there is an exploit for SPECIFIC devices. As an Apple device owner, why would me posting about which device I own not be relevant here?
>
> On the other hand, YOU posting about owning an Android and bashing "Apple Fanboys" is completely IRRELEVANT to this thread. How about you go find another AMD article to laud your praise on?
Troll? I always give arguments.

Because it's equally relevant to post about not having an Apple device, or having an Android device or ... See, this thread is about security flaws on Apple products. Not about someone having or not having an Apple product. Using your logic, every Intel CPU thread should be filled with "I have an Intel CPU" or "I don't have an Intel CPU" comments that add nothing to the discussion.

They are relevant. Because this just shows Apple fanboys just NEED to say they own an Apple device when they have nothing to say. Another user here always says what Apple he will be buying. Just admit it goes like I say.
> Again, I ask, who cares why he posted that? You’re proving yourself to be an Apple hater lol. There are haters of lots of brands and they’re usually either just as obsessed as fanboys or generally mean people who must vent about whatever they dislike.
You seem to care. I hate Apple, that is true. The difference is that Apple haters rarely promote their favourites but Apple fanboys tend to always bring something positive about Apple or owning Apple, even when it's totally irrelevant. Like in this case.
 
> Troll? I always give arguments.
Yes… but they’re all the same…
> Because it's equally relevant to post about not having an Apple device, or having an Android device or ... See, this thread is about security flaws on Apple products. Not about someone having or not having an Apple product. Using your logic, every Intel CPU thread should be filled with "I have an Intel CPU" or "I don't have an Intel CPU" comments that add nothing to the discussion.
No it isn’t… this is clearly ABOUT Apple devices… you posting about how Apple device owners are fanboys is just trolling.
> They are relevant. Because this just shows Apple fanboys just NEED to say they own an Apple device when they have nothing to say. Another user here always says what Apple he will be buying. Just admit it goes like I say.
No… and no one NEEDS to post about their Apple devices - but in a thread ABOUT Apple devices, it’s kind of obvious to do so…
> You seem to care. I hate Apple, that is true. The difference is that Apple haters rarely promote their favourites but Apple fanboys tend to always bring something positive about Apple or owning Apple, even when it's totally irrelevant. Like in this case.
You hate Apple… yet chose to post in this thread… why? Just to anger everyone who had something relevant to say and hijack the post to troll us?
 
> You seem to care. I hate Apple, that is true. The difference is that Apple haters rarely promote their favourites but Apple fanboys tend to always bring something positive about Apple or owning Apple, even when it's totally irrelevant. Like in this case.
Lol this post is such a self-own because it reveals your own hypocrisy. You hate Apple, and that’s the only reason you posted in this thread. And you call the person you’re badgering a troll?
> Troll? I always give arguments.
You may say you “always give arguments” but you’re so biased against Apple that it won’t matter what the merit of the argument is. It is irrelevant to you. Your stance is predetermined to be against Apple. Now that that’s cleared up, I will proceed to dismiss your opinions as similarly irrelevant.
 
IMHO nothing exists that's "unhackable". But it comes down to how hard hacking the device is. While interesting, a lot of hacks, like using the sounds given off by a HDD or the vibrations given off by a desk, are proof of concept and really won't be a serious security threat. To anyone. This is just another example of a hack that no one really needs to worry about. OTOH, I won't be surprised if Apple uses it to promote upgrading your iPhone. Just saying...
 
> IMHO nothing exists that's "unhackable". But it comes down to how hard hacking the device is. While interesting, a lot of hacks, like using the sounds given off by a HDD or the vibrations given off by a desk, are proof of concept and really won't be a serious security threat. To anyone. This is just another example of a hack that no one really needs to worry about. OTOH, I won't be surprised if Apple uses it to promote upgrading your iPhone. Just saying...
Again, this has nothing to do with the security of your device - it’s meant for jailbreaking…
 