
A company that sells hacking tools to governments has published details of a chip-level flaw in older Apple devices, and the security research community is paying close attention. Paradigm Shift, an offensive cybersecurity firm based in Barcelona, published a blog post on Friday detailing the vulnerability, which it named “usbliter8.” Alongside the write-up, the company released a proof of concept showing how the flaw can be exploited, though it requires physical access to the target device.
The flaw affects iPhones built on Apple’s A12 and A13 chips, released in 2018 and 2019 respectively. That covers a range of older models from the iPhone XS and XR up to the iPhone 11 series. Crucially, the bug lives inside the device’s Boot ROM (what Apple calls SecureROM), the first piece of code that runs when an iPhone powers on and the root of trust for every later stage of the boot chain. Because the Boot ROM is written into the silicon during manufacturing, it cannot be updated or changed. That means Apple has no way to patch this vulnerability through a software update; only a new chip revision can carry a fix.
Paradigm Shift made that point plainly in its blog post, writing that “as these vulnerabilities reside in immutable code, affected users should be aware that migrating to newer hardware remains the most effective mitigation.” In plain terms, if you own one of the affected phones, the only real fix is to buy a newer one.
So what does this actually mean for everyday iPhone owners? The short answer is that older iPhones are not suddenly easy to hack. The exploit requires physical access to the phone, meaning someone would need the device in hand and a cable plugged into it; it cannot be delivered remotely over the network or through a message. That is a significant barrier. Still, the publication matters for reasons that go beyond any single attack.
To understand why, it helps to know how iPhone hacking typically works. Exploiting the Boot ROM is step one: it gives an attacker with a cable control over the earliest stage of the boot process, before iOS has loaded. But user data on the phone stays encrypted with keys that depend on the user’s passcode and are protected by the Secure Enclave, so from there a hacker still needs to chain together additional vulnerabilities to actually get to the data stored on the device. What usbliter8 does is make that first step available to a wider pool of researchers and developers who can now build on top of it.
This is directly relevant to companies in the forensic and spyware space. Firms like Cellebrite and Magnet Forensics sell tools to law enforcement agencies to break into iPhones seized during investigations. They almost certainly already have similar techniques in their private toolkits. What changes now is that this kind of capability is public, which lowers the barrier for others to develop similar tools.
It also reopens a conversation about iPhone jailbreaking. A jailbreak is a technique that breaks through Apple’s restrictions on its mobile operating system, giving users or researchers full access to the underlying system. Jailbreaks were fairly common a decade ago but have become increasingly rare as Apple has hardened its security. Researchers who find valuable iOS vulnerabilities have little reason to go public with them, since doing so only prompts Apple to close those holes. The publication of usbliter8 could give researchers a useful starting point to chain together a new jailbreak, even if the full picture still requires more work.
The broader context here is worth noting. Apple has made the iPhone one of the hardest consumer devices to compromise, and that reputation is well earned. But no hardware is immune. Boot ROM vulnerabilities, sometimes called “unpatchable” exploits, have appeared before. The most famous is checkm8, a Boot ROM flaw disclosed in 2019 that covered an even wider range of Apple chips, from the A5 through the A11, and became the foundation for the long-running checkra1n jailbreak. usbliter8 appears to follow a similar pattern, though its scope is narrower.
A few key points to keep in mind:
- The vulnerability affects Apple A12 and A13 chips found in the iPhone XS, XR, and iPhone 11 series
- Physical access to the device is required to exploit it
- The flaw cannot be patched with a software update because it is in the Boot ROM, read-only code fixed in the chip at manufacture
- On its own, it does not give a hacker access to your data, but it opens the door to further attacks
- Moving to a newer iPhone is the only complete mitigation
Paradigm Shift did not respond to questions about the publication of usbliter8 or its broader implications. The company’s decision to go public with both the vulnerability details and a working proof of concept is itself notable. Publishing this kind of research shifts power in the security ecosystem, and not always in a predictable direction.