Apple Devices With Older Chips Affected by Unfixable Security Flaw

By Zohaib Shah|59 minutes ago |
Apple Devices

Security researchers at Paradigm Shift have disclosed a serious hardware-level security flaw affecting several Apple devices. The vulnerability, named “usbliter8,” is tied to the USB controller system and specific Apple silicon chips.

The researchers explain that the issue comes from a hardware bug in the USB controller combined with a firmware design flaw. Because the problem exists at the hardware level, it cannot be fixed through software updates, making it effectively unpatchable.

However, exploitation is not simple. An attacker must first gain physical access to the device. Without physical access, the flaw cannot be triggered remotely.

The attack works when a device is put into Device Firmware Update (DFU) mode. At that stage, specially crafted data can be sent through the USB connection. This can confuse the USB controller and cause memory to be written in the wrong location. As a result, custom code may run before iOS fully boots.

This early execution allows attackers to bypass signature checks. It could also enable modified system software to run on the device. Despite the severity, the researchers confirmed that Apple’s Secure Enclave remains unaffected. This means encrypted data, such as passcodes and sensitive user information, stays protected.

Apple Iphone

The usbliter8 flaw impacts devices using Apple’s A12, A13, S4, and S5 chips. The list includes iPhone XR, iPhone XS, and iPhone XS Max. It also affects iPhone 11 models and iPhone SE. Other impacted devices include iPad Air 3, iPad mini 5, iPad 8, and iPad 9.

Additionally, the second-generation Apple TV 4K is affected. Apple Watch Series 4, Series 5, and Apple Watch SE are also included. The Studio Display is part of the affected hardware list.

According to the researchers, users cannot protect these devices through a software update. The vulnerability remains at the hardware level, and it was noted that Apple also worked with them during the disclosure process. However, a full fix is not possible for existing hardware.

The only long-term protection is device replacement. This becomes more important in cases of theft or physical compromise.

Zohaib Shah

A tech writer passionate about covering the latest in mobile technology, AI innovations, and digital transformation. Focused on making complex tech stories simple, engaging, and relevant for readers in the modern digital age.

Latest News

OnePlus N6

OnePlus N6 Launch Nears as Charging Speed and Key Specs Emerge Online

Islamabad Launches Online Birth And Death Registration Via Mobile App

Islamabad Launches Online Birth And Death Registration via Mobile App

You Can Now Control Your Instagram Feed

You Can Now Control Your Instagram Feed

Oppo Reno 16 Series

Oppo Announces Official Launch Date for Reno 16 Series

Punjab Unveils Rs 57 Billion Electric Vehicle Subsidy To Cut Fuel Imports

Lahore Gets First High Speed Electric Vehicle Fast Charging Infrastructure

Pakistani Co Founded Ai Startup Respond Io Raises 62 5m Series B Funding

Pakistani Co-Founded AI Startup Raises $62.5M Series B Funding

Imf Expresses Dissatisfaction With Fbr Over Growing Tax Shortfall

Lawmakers Reject FBR Proposal To Access Bank Account Data

Operation Endgame Cleans 14971 Infected Wordpress Sites Worldwide

Operation Endgame Cleans 14,971 Infected WordPress Sites Worldwide

Court Orders Isp To Pay Rs50000 For Deficient Internet Service

Court Orders ISP to Pay Rs50,000 for Deficient Internet Service

Github Models No Longer Available For New Customers

GitHub Models No Longer Available For New Customers

Pinterest Launches Ai Powered Ad And Shopping Tools

Pinterest Launches AI-Powered Ad and Shopping Tools

Nayatel Increases Prices Of Home Internet Packages

Nayatel Increases Prices of Home Internet Packages

Govt Ends Fuel Saving Measures Retains Business Closing Timings

Govt Ends Fuel-Saving Measures, Retains Business Closing Timings

Get Alerts