Critical unfixable vulnerability allows hackers to take over iPhone XS, XR, 11, and older iPad devices

iPhone XS, XR, and 11, some older iPads, and other Apple devices are vulnerable to an unpatchable low-level hardware bug in the USB controller that allows physical hackers to completely take over devices, warns a report by Paradigm Shift.
- An unfixable vulnerability exists in the read-only BootROM memory of A12, A13, and S4/S5 chips.
- Affected devices include iPhone XS, XR, 11 series, and various older iPad models.
- Attackers need physical access to the device to trigger the exploit.
Security researchers publicly released a proof-of-concept exploit targeting Apple A12, S4/S5, and A13 systems-on-chip (SOCs), achieving full code execution and breaking the chain of trust.
The A12 chips are widely used in the iPhone XS and XS Max, iPhone XR, iPad Air (3rd generation), iPad Mini (5th generation), iPad (8th generation), and Apple TV 4K (2nd generation).
Its successor, the A13 chip, powers the iPhone 11, 11 Pro, and 11 Pro Max, the iPhone SE (2nd generation), and the iPad (9th generation).
Apple S4 and S5 chips clock the Apple Watch Series 4 and 5, the Apple Watch SE, and the HomePod mini.
The newly released research also warns that exploitation of A12X/Z chips is technically possible, leaving the iPad Pro 11-inch (1st and 2nd generations) and iPad Pro 12.9-inch (3rd and 4th generations) vulnerable.
Apple was informed about the bugs prior to the release, and disclosure was coordinated.
To exploit the bug, attackers need to gain physical access to the device.
“The usbliter8 exploit demonstrates that even on more recent SecureROM generations, including those protected by Pointer Authentication, subtle hardware bugs can still be leveraged to achieve full code execution and break the chain of trust,” the report reads.
Newer generations, starting with the iPhone 12 and later devices, have addressed the underlying issue.
However, the affected devices will remain vulnerable for the remainder of their support period, because the vulnerable code lies in read-only BootROM memory. The BootROM is embedded in the SoC and contains the first code that executes on power-on or reset; it is responsible for loading the bootloader.
Essentially, that means attackers, like thieves or authorities, can completely own the device by plugging a USB cable into a development board running the exploit, and no iOS update will ever fix it.
Forensic companies and government agencies often pay millions for these kinds of tools. Journalists, activists, executives, or anyone with sensitive information might want to upgrade older devices. For most people, however, the day-to-day risk is low.
How does the exploit work?
When a vulnerable iPhone is plugged in via USB in DFU (recovery) mode, it talks to the host via “Setup Packets,” small standardized messages. The researchers found a logic flaw: the specification requires all such packets to be exactly 8 bytes, but carefully crafted, slightly smaller packets cause a buffer underflow.
Attackers can exploit this to write into protected memory regions, eventually gaining full control of the device. The phone would now run the attacker’s code at the deepest level, before any of Apple’s security checks ever load.
“We believe this is an inherent bug within the USB controller itself. While potentially affecting many devices, the vulnerability works under specific circumstances only,” the researchers said.
“Affected users should be aware that migrating to newer hardware remains the most effective mitigation.”
The researchers confirmed that A12 and A13 SecureROMs are vulnerable, while the earlier A11 USB driver is unaffected because it manually resets the memory address after each packet, neutralizing the bug.
On subsequent A14 and later generations, Apple correctly configured DART (Device Address Resolution Table) so that the USB controller can’t write outside its permitted memory boundaries.
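The two defensive patterns the article credits with neutralizing this bug class are a strict length check on the Setup packet and an unconditional reset of the transfer state after every packet. The following C snippet is an added, hypothetical illustration of those checks in a toy control-transfer handler; it is not Apple's SecureROM code, not the researchers' code, and the struct, buffer size and function names are assumptions made for the example. The 8-byte field layout is the standard USB control Setup packet layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* A USB control Setup packet is exactly 8 bytes on the wire. */
#define USB_SETUP_LEN 8

/* Standard Setup packet fields (all multi-byte fields little-endian). */
typedef struct {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;
} usb_setup_t;

/* Hypothetical control-transfer state: one fixed data buffer and a write offset. */
#define CTRL_BUF_SIZE 64
typedef struct {
    uint8_t data[CTRL_BUF_SIZE];
    size_t  offset;
} ctrl_state_t;

enum { SETUP_OK = 0, SETUP_BAD_LEN = -1, SETUP_TOO_LONG = -2 };

/* Parse a Setup packet; refuse anything that is not exactly 8 bytes. */
int parse_setup(const uint8_t *buf, size_t len, usb_setup_t *out)
{
    if (buf == NULL || out == NULL || len != USB_SETUP_LEN)
        return SETUP_BAD_LEN;                 /* short or long packet: reject it */
    out->bmRequestType = buf[0];
    out->bRequest      = buf[1];
    out->wValue  = (uint16_t)(buf[2] | (buf[3] << 8));
    out->wIndex  = (uint16_t)(buf[4] | (buf[5] << 8));
    out->wLength = (uint16_t)(buf[6] | (buf[7] << 8));
    return SETUP_OK;
}

/* Start a new control transfer. The data-stage offset is reset unconditionally,
   even when the packet is rejected, so no stale offset survives into the next transfer. */
int begin_control_transfer(ctrl_state_t *st, const uint8_t *buf, size_t len, usb_setup_t *out)
{
    int rc = parse_setup(buf, len, out);
    st->offset = 0;
    if (rc != SETUP_OK)
        return rc;
    if (out->wLength > CTRL_BUF_SIZE)
        return SETUP_TOO_LONG;                /* host declared more data than we can hold */
    return SETUP_OK;
}

/* Data stage: copy one chunk, bounded by both the declared wLength and the buffer size. */
int data_stage(ctrl_state_t *st, const usb_setup_t *setup, const uint8_t *chunk, size_t n)
{
    size_t limit = setup->wLength < CTRL_BUF_SIZE ? setup->wLength : CTRL_BUF_SIZE;
    if (st->offset > limit || n > limit - st->offset)
        return -1;                            /* would run past the declared length */
    memcpy(st->data + st->offset, chunk, n);
    st->offset += n;
    return 0;
}

/* Constructed sample packet: class request to interface 0, wLength = 16. */
static const uint8_t sample_pkt[USB_SETUP_LEN] = {0x21, 0x09, 0x00, 0x02, 0x00, 0x00, 0x10, 0x00};

/* Self-checks returning 1 when the handler behaves as intended. */
int check_valid_packet(void)
{
    usb_setup_t s; ctrl_state_t st = {{0}, 0};
    int rc = begin_control_transfer(&st, sample_pkt, sizeof sample_pkt, &s);
    return rc == SETUP_OK && s.bmRequestType == 0x21 && s.bRequest == 0x09 &&
           s.wValue == 0x0200 && s.wIndex == 0 && s.wLength == 16 && st.offset == 0;
}

int check_length_checks(void)
{
    usb_setup_t s; ctrl_state_t st = {{0}, 37};       /* stale offset from a previous transfer */
    int short_rc = begin_control_transfer(&st, sample_pkt, 7, &s);   /* 7-byte packet */
    uint8_t big[USB_SETUP_LEN] = {0x21, 0x09, 0, 0, 0, 0, 0x00, 0x01}; /* wLength = 256 */
    int long_rc = begin_control_transfer(&st, big, sizeof big, &s);
    return short_rc == SETUP_BAD_LEN && long_rc == SETUP_TOO_LONG && st.offset == 0;
}

int check_data_stage_bounded(void)
{
    usb_setup_t s; ctrl_state_t st = {{0}, 0};
    uint8_t chunk[10] = {0};
    if (begin_control_transfer(&st, sample_pkt, sizeof sample_pkt, &s) != SETUP_OK) return 0;
    int a = data_stage(&st, &s, chunk, 10);   /* 0..10 of 16: ok */
    int b = data_stage(&st, &s, chunk, 10);   /* 10..20: exceeds wLength, refused */
    int c = data_stage(&st, &s, chunk, 6);    /* 10..16: ok */
    int d = data_stage(&st, &s, chunk, 1);    /* buffer full: refused */
    return a == 0 && b == -1 && c == 0 && d == -1 && st.offset == 16;
}

int main(void)
{
    printf("valid packet: %d\nlength checks: %d\ndata stage bounded: %d\n",
           check_valid_packet(), check_length_checks(), check_data_stage_bounded());
    return 0;
}
```

The point of resetting `offset` before the error check, rather than after a successful parse, is that the defensive action does not depend on the packet being well-formed; that is the behaviour the article attributes to the A11 driver, and the DART boundary on A14 and later plays the same role one layer down, in hardware.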
The exploit code is already publicly available on GitHub because researchers hope it will help build more resilient systems.
“By publishing this research and the accompanying proof of concept, we aim to document the real-world impact of this class of hardware vulnerabilities, contribute to the broader understanding of modern BootROM security, and demonstrate that even recent SecureROM generations remain susceptible to subtle hardware flaws,” they explained.