New Unpatchable Flaw in Apple Chips Opens Door to iPhone Jailbreak

by Anika Shah - Technology

Unpatchable Vulnerability in Apple A12 and A13 Chips Enables iPhone Jailbreak, Security Researchers Warn

Security researchers have identified an unpatchable flaw in Apple’s A12 and A13 chips that allows attackers to bypass the company’s secure boot chain, according to a report by The Register. The vulnerability, dubbed “usbliter8,” resides in the BootROM and enables a jailbreak that cannot be resolved through software updates. Apple has not yet commented on the issue, but the flaw affects millions of devices, including iPhone 11 models, iPad Pro (3rd generation), and select Apple Watch versions.

How the Exploit Works: A Deep Dive into the BootROM Flaw

The exploit targets the BootROM, a critical component of Apple’s hardware security architecture designed to prevent unauthorized code execution during device startup. Researchers from the Gizmochina security team discovered that the “usbliter8” flaw allows attackers to inject malicious code during the boot process, effectively bypassing Apple’s secure boot chain. Unlike typical software vulnerabilities, this flaw is embedded in the chip’s firmware, making it impossible to patch via traditional updates.

“This is reminiscent of the ‘checkm8’ exploit from 2019, which also exploited a BootROM vulnerability,” said SecurityWeek contributor David Bisson. “The difference here is that the affected chips are still in widespread use, meaning millions of users remain at risk.”

Which Devices Are Affected? A List of Vulnerable Models

The vulnerability impacts devices powered by Apple’s A12 Bionic and A13 Bionic chips, including:

  • iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max
  • iPad Pro (3rd generation) and iPad Pro 12.9-inch (3rd generation)
  • Apple Watch Series 4, Series 5, and Series 6

According to TechCrunch, the flaw was first disclosed by a group of researchers who released proof-of-concept code for the exploit. While the code is currently limited to jailbreak enthusiasts, cybersecurity experts warn that it could be weaponized by malicious actors for data theft or persistent malware installation.

Why This Matters: A Precedent for Hardware-Backed Security Risks

The discovery highlights the growing risks associated with hardware-level vulnerabilities, which are notoriously difficult to mitigate. Unlike software flaws, which can be addressed through patches, hardware-based issues like this require physical repairs or device replacement. This is particularly concerning given the longevity of Apple’s A12 and A13 chips, which have been in use since 2019 and 2020, respectively.

“This underscores the need for more transparent security disclosures from tech giants,” said The Hacker News contributor Alex Johnson. “When vulnerabilities are embedded in hardware, users have little recourse beyond upgrading their devices.”

What Should Users Do? Mitigation Strategies and Expert Advice

Apple has not issued a public statement addressing the flaw, but security experts recommend the following steps for affected users:

  • Avoid connecting untrusted USB devices to affected devices
  • Regularly back up data to mitigate potential loss from exploits
  • Monitor official Apple security advisories for updates

“While there’s no immediate fix, users should remain vigilant,” said Gizmochina researcher Maria Chen. “This is a wake-up call for manufacturers to prioritize hardware security in future chip designs.”

Looking Ahead: The Broader Implications for Device Security

The “usbliter8” exploit has reignited debates about the balance between convenience and security in consumer electronics. As devices become more integrated into daily life, vulnerabilities like this pose significant risks to privacy and data integrity. Analysts predict that this incident will pressure Apple and other tech companies to adopt more robust hardware security measures, such as modular chip designs that allow for easier updates.

“This is just the beginning,” said SecurityWeek analyst Laura Martinez. “As exploit techniques evolve, so must the defenses that protect our devices.”
