We all know that Apple is distinguished by its long-term software support for its devices, which is what drives many users to keep their old devices for many years as long as they work efficiently and receive security updates. But have you ever thought that there are some security issues that even Apple, with all its technological greatness, cannot solve? Yes, this is what security researchers recently revealed regarding an eternal software vulnerability that affects millions of old devices that are still alive in the pockets and on the wrists of millions of users around the world.

What is the usbliter8 vulnerability and how does it work?

Researchers from the European cybersecurity firm Paradigm Shift have discovered a new security vulnerability they have dubbed usbliter8. This vulnerability is not in the iOS operating system, which can be updated and patched with the click of a button; rather, the problem lies in the Boot ROM of older Apple chips, specifically the A12 Bionic and A13 Bionic chips. Since the code in this area of the processor is fixed and etched into the hardware and cannot be modified or rewritten, Apple literally has no software way to close or fix this vulnerability.

This vulnerability affects a long list of popular iPhones that are still widely used today, including the entire iPhone 11 family, the iPhone SE (2nd generation), as well as the iPhone XS, iPhone XS Max, and iPhone XR. Theoretically, any malicious actor could exploit this vulnerability to take full control of an affected iPhone, but fortunately, there are conditions that make it less scary than it sounds.
Physical access is necessary to exploit the vulnerability

Before you panic and decide to get rid of your phone immediately, let us clarify the bright side. To exploit the usbliter8 vulnerability, an attacker needs two essential conditions: direct physical access to your iPhone and connecting it via a USB port to a computer. This means there is no possibility of remote hacking via the internet or malicious links; as long as your phone is safe in your pocket, you are completely safe.

The real problem may only appear if the phone is lost or stolen, as the thief would have enough time and physical access to attempt to exploit this vulnerability. However, reports confirm that sensitive data stored within the Secure Enclave—such as Face ID, Touch ID, passwords, and encryption keys—remains safe and protected, although researchers warn that the vulnerability could open up wider attack paths that could eventually lead to attempts to bypass Secure Enclave protection. The only radical solution for those who feel concerned is to upgrade to a newer device and dispose of the old phone securely after wiping all its data.
Apple Watches and iPads were not spared either

The issue is not limited to iPhones only, but extends to other Apple devices that run on affected processors or similar chips, such as the S4 and S5 chips in watches. Affected devices include the iPad (8th generation), iPad (9th generation), iPad Air (3rd generation), iPad mini (5th generation), as well as the Apple Watch SE (1st generation), Apple Watch Series 4, and Apple Watch Series 5.
Just as with the iPhone, the hacking process requires physical access and a USB connection. In an official comment from Apple to Security Week, the company confirmed that newer devices produced in recent years already have full protection against this vulnerability, and the issue was resolved in new hardware a long time ago. Therefore, if you own one of these older devices, the best solution is to keep it in your sight and protect it from being lost, or consider upgrading soon to enjoy complete peace of mind.
Source:



Leave a Reply