- Paradigm Shift discovered “usbliter8,” a hardware flaw in A12/A13 iPhone and S4/S5 Apple Watch chips allowing jailbreak via USB data handling
- Exploitation requires physical access and a Raspberry Pi, but enables bypassing iOS restrictions and deep system compromise
- Apple cannot patch the flaw; only unaffected models (pre‑A12 or A14+) are secure, making device replacement the sole mitigation
Security researchers Paradigm Shift have discovered a vulnerability in older iPhone and Apple Watch models which can be used to jailbreak the devices. What makes this vulnerability special is the fact that there is no fix for it – the only way to really be secure is to replace the device with a newer model.
The good news is that exploiting the flaw isn’t that simple. It cannot be done remotely since the attacker needs to have physical access to the device, and needs to hook it up to a Raspberry Pi.
It is still an important finding, and one which puts stolen iPhones (or those confiscated by law enforcement) at risk.
Handling incoming data
The researchers dubbed the bug usbliter8, and say it affects the iPhone XS’s A12 chip, the Apple Watch Series 4’s S4 chip, and the iPhone 11’s A13 SoC. Furthermore, the S5 (powering the Apple Watch Series 5, first-generation SE, and HomePod mini) was said to be vulnerable as well.
The vulnerability stems from how these chips’ USB controllers handle incoming data. They don’t properly reset memory addresses between data transfers, letting the attacker place unauthorized code into the chip’s protected memory.
Therefore, according to Paradigm Shift, the bug can be abused for jailbreaking the device, meaning attackers could bypass iOS security restrictions entirely, install software at the deepest level of the system, and potentially extract data stored on the device.
Since this is a physical hardware design flaw, rather than a software bug, Apple can’t fix it with an update, and…


























