Apple confirms critical processor flaw with no software fix
The 'usbliter8' vulnerability affects the BootROM of older iPhones and cannot be fixed with updates; the only option is to replace the device.
June 22, 2026
TL;DR: Apple has acknowledged a hardware exploit in the BootROM of older iPhones that cannot be fixed with software. Called usbliter8, it allows physical attacks during boot. Affected users must replace their devices.
What happened?
Security firm Paradigm Shift has discovered a hardware exploit called usbliter8 that affects the USB controller and BootROM firmware of some Apple processors. The BootROM is the first piece of code that runs when an iPhone is turned on, and since it is etched into the chip's ROM memory, it cannot be modified via software updates. Apple has confirmed the flaw and stated there is no way to patch it via iOS, according to Hipertextual.
Paradigm Shift detailed the exploit on its official blog, where it explains that the exploit leverages a vulnerability in the BootROM USB stack, allowing arbitrary code execution at a privileged level during boot. According to the technical analysis, the flaw lies in poor handling of USB descriptors during recovery mode, enabling a buffer overflow that grants full control over the device.
Why is it important?
This type of vulnerability is especially serious because it allows an attacker with physical access to the device to execute arbitrary code in the early boot stages, bypassing all subsequent software protections. Although the exploit requires physical access and deep recovery mode, the fact that it is unpatchable means affected devices will remain permanently exposed. This contrasts with typical software flaws, which can be fixed with updates.
The situation is reminiscent of the Checkm8 vulnerability from 2019, which also affected the BootROM of older iPhones and had no software fix. However, usbliter8 is more dangerous because it does not require a prior jailbreak or device unlock; simply connecting the iPhone to a malicious computer in DFU (Device Firmware Upgrade) mode is enough. Unlike Checkm8, which affected devices with A5 to A11 chips, usbliter8 targets models with processors prior to the A12 (iPhone X, iPhone 8, iPhone 7, and earlier).
This covers millions of devices in use, many of which are still sold on the second-hand market. Because the BootROM cannot be patched, data stored on these iPhones can be extracted by an attacker with physical access, even if the device is locked. Apple has publicly acknowledged the flaw but has offered no solution other than replacing the hardware, as reported by Hipertextual.
What consequences will it have?
For users, the only official recommendation is to replace the device with a newer model that does not contain the vulnerable chip. This entails significant economic cost and creates uncertainty about the security of personal data. For Apple, the incident highlights the risks of relying on non-upgradable hardware components and may affect consumer trust. Additionally, it could accelerate the adoption of more secure architectures or verified boot mechanisms, such as the advanced Secure Enclave or cryptographically signed boot already incorporated in A12 and later chips.
In the second-hand market, affected iPhones will likely lose value, as informed buyers will avoid vulnerable models. For companies managing fleets of older iPhones, this poses a security risk and brings the cost of early replacement.
From a broader perspective, this exploit demonstrates that software-only security is insufficient when hardware has design flaws. The security community has compared usbliter8 to the BootROM attack on the PlayStation 3 or the Nintendo Switch exploit, which also allowed full system control without the possibility of a patch. In Apple's case, the impact is greater due to the enormous user base and the sensitivity of personal data stored on iPhones. Paradigm Shift has published a proof of concept but claims it will not disclose the full code to prevent malicious use. However, it is likely that other research groups or malicious actors could replicate the exploit, increasing the risk for users.
What should readers know?
- The usbliter8 exploit affects iPhone models with processors prior to the Apple A12 (approximately iPhone X, iPhone 8, iPhone 7, iPhone 6s, iPhone 6, iPhone SE (1st gen) and earlier). It may also affect iPads and iPod touches with the same chips.
- No internet connection is required; the attack must be carried out with physical access to the device in recovery mode (DFU).
- Apple will not release a software patch to fix the flaw; the solution is hardware. Users should consider upgrading to a model with an A12 or later chip (iPhone XS, XR, 11, SE 2nd gen, 12, 13, 14, 15, 16 and later).
- Users should keep their devices updated with the latest available iOS: although this does not fix the root flaw, it can make exploitation more difficult (for example, iOS 18 includes additional protections in recovery mode).
- It is recommended not to connect the iPhone to untrusted computers or chargers and to avoid leaving the device unattended. It is also suggested to disable recovery mode if not in use, though this is not possible in all cases.
- For businesses, it is advised to assess the risk and plan for replacement of affected devices, especially if they handle sensitive data.
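For the fleet assessment in the last point, the following added example (not from Apple, Paradigm Shift or the original article) sorts a device inventory into affected, not affected and needs-review using only the model lists given above. The CSV column names, asset tags and function names are assumptions; iPads, iPod touches and an "iPhone SE" with no generation stated go to review because the article does not place them.

```python
import csv
import io
import re

# Constructed sample MDM export; column names and asset tags are assumptions.
SAMPLE_CSV = """asset_tag,model,handles_sensitive_data
A-001,iPhone X,yes
A-002,iPhone XS Max,yes
A-003,iPhone 8 Plus,no
A-004,iPhone SE,yes
A-005,iPhone SE (2nd gen),no
A-007,iPad mini 4,no
A-008,iPhone 6s,yes
"""

SIZE_SUFFIX = re.compile(r"\s+(pro max|pro|plus|max|mini)$")

def classify(model):
    """Map a marketing name to 'affected', 'not_affected' or 'review'."""
    name = re.sub(r"\s+", " ", model.strip().lower())
    if not name.startswith("iphone "):
        return "review"  # iPad / iPod touch: the article names no models
    family = SIZE_SUFFIX.sub("", name[len("iphone "):])
    if family.startswith("se"):
        gen = re.search(r"(\d)(?:st|nd|rd) gen", family)
        return {"1": "affected", "2": "not_affected"}.get(gen and gen.group(1), "review")
    if family in ("x", "xs", "xr"):  # exact match so 'xs'/'xr' are not read as 'x'
        return "affected" if family == "x" else "not_affected"
    numbered = re.fullmatch(r"(\d+)[a-z]?", family)
    if numbered and int(numbered.group(1)) <= 8:
        return "affected"      # "iPhone 8, 7, 6s, 6 ... and earlier"
    if numbered and int(numbered.group(1)) >= 11:
        return "not_affected"  # "11, 12 ... 16 and later"
    return "review"

def triage(csv_text):
    """Return devices needing action: affected first, sensitive data first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        status = classify(rec["model"])
        if status != "not_affected":
            sensitive = rec["handles_sensitive_data"].strip().lower() == "yes"
            rows.append((rec["asset_tag"], rec["model"], status, sensitive))
    rows.sort(key=lambda r: (r[2] != "affected", not r[3], r[0]))
    return rows

if __name__ == "__main__":
    print(*triage(SAMPLE_CSV), sep="\n")
```

Matching on the exact model family matters here: a substring test for "iPhone X" would wrongly flag the XS and XR, which the article lists as having A12 chips.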
"This is one of the most serious security flaws in Apple's recent history because it attacks the core hardware. There is no turning back: once the chip is manufactured, the error is permanent." – Analyst at TheVortiq