Bad News for iPhone 11 Owners: This Vulnerability Cannot Be Fixed
The hardware BootROM vulnerability, which was discovered in Apple A12 and A13 chips and cannot be fixed with a software update, threatens millions of iPhone users.
Paradigm Shift security researchers have discovered a critical BootROM vulnerability affecting millions of iPhone models with Apple’s A12 and A13 chips. This hardware-level error allows devices to be infiltrated through the USB controller and cannot be closed with software updates.
This vulnerability, which targets iPhone XS, iPhone 11 and related series, allows interfering with the first boot code of the devices. Researchers proved the seriousness of this hardware flaw by developing an exploit technique called ‘usbliter8’. The security risk in question poses a permanent threat to users because it arises from Apple’s architectural design at the production stage.
- An uncorrectable BootROM vulnerability has been detected at the hardware level on devices with Apple A12 and A13 chips.
- The vulnerability in question allows unauthorized memory access via the USB controller.
- A14 and later generation chips are not affected by this hardware bug.
- Apple cannot fix this security gap, which is a hardware design flaw, with software updates.
Vulnerability Cannot Be Fixed with Software Updates
The most striking fact emphasized by security experts is that the error is found in the BootROM code placed during the production phase of the device. Since this code is embedded in the device’s hardware, patches released through the iOS operating system are not enough to solve the problem.
Modern cybersecurity principles advocate that hardware-based exploits often require modification of the entire device.
Millions of iPhone users cannot fully protect their devices with manufacturer software updates.
Affected Models Identified
The devices covered by the research include the iPhone XS, XS Max and XR models, as well as the iPhone 11, 11 Pro and 11 Pro Max series.
Experts state that exploitation is relatively easier on devices with A12 processors, but more complex formulas are used to bypass the ‘Pointer Authentication Codes’ (PAC) security system on A13 chips. Older A11 chips are not affected by this issue because they use a different USB driver architecture.
Apple has completely eliminated this hardware error in the A14 processor and subsequent generation architectures.
Attack Technique Uses USB Packets
The exploit in question accesses restricted memory areas of the device with a special string of information sent via USB. This may lead to the device’s basic firewalls being disabled or system files being interfered with. Since it is a hardware architectural flaw, no future iOS version from Apple will be able to permanently fix this USB controller issue.
How do you think such vulnerabilities at Apple’s hardware level should affect users’ decision to switch to a new model? You can share your ideas and concerns about betting with us in the comments section.
