These Older iPhone Models Have A Security Flaw That Apple Can't Fix

Researchers from European cybersecurity firm Paradigm Shift have discovered a new security flaw that affects iPhones powered by the company's A12 and A13 Bionic chips. While many folks upgrade their iPhone every year or every few years, there are others who like to hold onto their iPhone for as long as it lasts, given Apple's long software support period. As a result, there are likely millions of iPhone owners using the iPhone 11 series, iPhone SE (2nd generation), iPhone XS, iPhone XR, or the iPhone XS Max, which are the seven iPhone models using the affected Apple silicon.

Dubbed 'usbliter8', the security flaw is present in the boot ROM of an iPhone, which contains the code executed before iOS boots up. A malicious party can potentially use the flaw to gain complete control of the iPhone. However, as this part of the code is immutable or inalterable, there is no reasonable way for Apple to fix it. Fortunately, even if you currently use one of the impacted iPhones, it's not all bleak.

An attacker would need physical access to your iPhone and a USB connection to exploit the security flaw, which means there is no possibility of a remote hack. Therefore, most iPhone owners have no immediate cause for worry despite no patch being on the horizon. The one situation in which "usbliter8" could become a problem for you is if your iPhone is stolen or lost. This would give whoever ends up with your iPhone physical access and an ample amount of time to exploit the security bug if they wanted to.

Still, any data stored in your iPhone's "Secure Enclave," which includes your biometric information, passcodes, and encryption keys, should remain safe, as "usbliter8" doesn't impact that. However, the researchers warn that the flaw opens wider attack vectors that could compromise the "Secure Enclave." If this flaw has got you worried, the only real solution is to buy new hardware and make sure you completely wipe and dispose of the old smartphone safely.

The impact of the usbliter8 vulnerability isn't limited to the seven mentioned iPhone models. Researchers say the flaw also impacts Apple's S4 and S5 chips as well as the iPad models using the A12 or A13 Bionic. The affected devices include iPad (8th gen), iPad (9th gen), iPad Air (3rd gen), iPad Mini (5th gen), Apple Watch SE (1st gen), Apple Watch Series 4, and Apple Watch Series 5.

As with the impacted iPhones, an attacker would need physical access and a USB connection to exploit the vulnerability, and there is no way to fix it. If you own an affected iPad or Apple Watch, the best way to mitigate the issue is either to avoid letting the device fall into the wrong hands or to upgrade to new hardware. Apple told Security Week in a statement that the newer hardware already includes a fix for this vulnerability, which was added years ago.