Unpatchable Apple Chip Flaw Opens the Door to an iPhone Jailbreak
Security researchers found a new problem inside some Apple phone chips. (A chip is the tiny “brain” inside a phone.) The flaw can be used to “jailbreak” older iPhones. A jailbreak means breaking past Apple’s locks. It lets you reach hidden parts of the phone that Apple keeps closed. The flaw is named usbliter8. It sits inside the chip itself. So Apple cannot fix it with a software update. (A software update is the new code your phone downloads to fix problems.) Here is the good news for most people. An attacker must hold your phone in their hands and plug in a cable. So no one can do this to you over the internet.
The work comes from a company called Paradigm Shift. It is based in Barcelona. It does “offensive security.” That means these are hackers who break things on purpose. They do it to show where the weak spots are. The company shared the full report and test code in June 2026. (Test code, or proof-of-concept, is code that proves the attack really works.)
What does “unpatchable hardware flaw” actually mean?
Most security bugs live in software. Apple can fix those with an update. You tap “install.” The hole closes.
This flaw is different. It lives in the Boot ROM. (The Boot ROM is also called SecureROM.) The Boot ROM is the very first code a phone runs when you turn it on. It checks and loads everything that runs after it, so a flaw there undercuts every later check. It is “burned” into the chip at the factory. Think of words carved into stone, not written in pencil. Once the phone ships, no update can change it.
That is why we call it unpatchable. (Unpatchable means it cannot be fixed.) The only real fix is to stop using these phones. The researchers said it simply. Because the flaw lives in code that cannot change, “migrating to newer hardware remains the most effective mitigation.” In plain words: buy a newer phone.
What is a “jailbreak”?
A jailbreak removes Apple’s built-in rules on an iPhone. Apple locks the iPhone down on purpose. You can only get apps from its App Store. And you cannot reach the deep parts of the system.
A jailbreak breaks those locks. Some people do it to change their phone or run apps Apple bans. But the same trick can let an attacker reach your private data. They would need your phone in their hands. The usbliter8 flaw is the first crack in the wall. By itself, it does not give up your data. Attackers must join it with other bugs to build a full jailbreak.
Which iPhones and chips are affected?
The flaw hits Apple’s A12 and A13 chips. These chips ran the iPhones released in 2018 and 2019. Some Apple Watch chips are hit too. Those are the S4 and S5. One caveat: other Apple devices use these same chips, such as the 2020 iPhone SE on the A13 and several iPads on the A12. This summary lists only the phones below, so check the researchers’ own device list before treating those other devices as safe.
| Key fact | Detail |
|---|---|
| Flaw name | usbliter8 |
| Where it lives | Boot ROM / SecureROM (burned into the chip) |
| Affected chips | Apple A12, A13 (also Watch S4, S5) |
| Affected iPhones | iPhone XS, XS Max, XR, iPhone 11 lineup |
| Released | 2018–2019 |
| Found by | Paradigm Shift (Barcelona) |
| Disclosed | June 2026 |
| Patchable? | No (hardware-level) |
| Access needed | Physical, via USB cable in DFU mode |
| Time to run | Under 2 seconds |
What exactly did the researchers find?
The bug is in the chip’s USB controller. (That is the part that handles the cable connection.) Here is the idea in simple terms. The controller stores the small packets that arrive over USB in a buffer, and it keeps a “write pointer” that marks the spot where the next bytes get saved. A counting mistake lets the researchers push that write pointer backwards, out of the buffer and into memory the controller should never touch. They move it a few bytes at a time. They do this again and again, overwriting a little more with each packet. In the end, they can run their own code inside the chip’s most trusted area.
To do this, the phone must be in DFU mode. (DFU mode is a special repair state.) The phone must also be plugged into a small custom circuit board over USB. Once it is set up, the attack finishes in under two seconds. It runs before Apple’s normal safety checks even start.
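Here is a constructed C sketch of that bug class, added to this article. It is not code from the researchers’ report, from their proof-of-concept, or from Apple’s Boot ROM. It models a receive buffer whose write pointer can be stepped backwards by a host-controlled count, and the same handler with the bound checked against the right base. Every name, field, size and memory layout here is an assumption; the real usbliter8 details are not reproduced.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout (assumption, not Apple's): a "trusted" region sits
 * just below the USB receive buffer, so a write pointer that slides
 * backwards lands in it. */
#define TRUSTED_SIZE 16u
#define RX_SIZE      64u
#define RX_START     TRUSTED_SIZE          /* receive buffer begins here */

struct dev_state {
    uint8_t mem[TRUSTED_SIZE + RX_SIZE];   /* [ trusted | rx buffer ]    */
    size_t  wr;                            /* write offset into mem      */
};

/* A simplified packet: a host-controlled "rewind" count, then payload.
 * The rewind field is a stand-in for the counter the article mentions;
 * the real packet format is not public here. */
struct packet {
    uint16_t       rewind;
    uint8_t        len;
    const uint8_t *payload;
};

static void dev_init(struct dev_state *s) {
    memset(s->mem, 0xAA, TRUSTED_SIZE);            /* trusted bytes = 0xAA */
    memset(s->mem + RX_START, 0x00, RX_SIZE);
    s->wr = RX_START;
}

/* Vulnerable handler: the lower bound is checked against the start of
 * mem, not the start of the receive buffer, so wr can step below RX_START
 * a few bytes per packet and each copy lands in the trusted region. */
static bool vuln_receive(struct dev_state *s, const struct packet *p) {
    if (p->rewind > s->wr)                         /* only stops a wrap past 0 */
        return false;
    s->wr -= p->rewind;
    if (s->wr + p->len > sizeof s->mem)
        return false;
    memcpy(s->mem + s->wr, p->payload, p->len);
    s->wr += p->len;
    return true;
}

/* Hardened handler: bound the step against the buffer base and the copy
 * against the buffer end, so RX_START <= wr <= RX_START + RX_SIZE always. */
static bool safe_receive(struct dev_state *s, const struct packet *p) {
    size_t used = s->wr - RX_START;                /* bytes already buffered */
    if (p->rewind > used)
        return false;                              /* would go below the base */
    size_t next = s->wr - p->rewind;
    size_t room = (RX_START + RX_SIZE) - next;     /* bytes left to buffer end */
    if (p->len > room)
        return false;
    memcpy(s->mem + next, p->payload, p->len);
    s->wr = next + p->len;
    return true;
}

static size_t trusted_bytes_clobbered(const struct dev_state *s) {
    size_t n = 0;
    for (size_t i = 0; i < TRUSTED_SIZE; i++)
        if (s->mem[i] != 0xAA) n++;
    return n;
}

/* Send the same small "rewind 8, write 4" packet over and over, the way an
 * attacker walking the pointer back a few bytes at a time would. Returns
 * how many trusted bytes ended up overwritten. */
static size_t run_attack(bool (*handler)(struct dev_state *, const struct packet *)) {
    static const uint8_t payload[4] = {0x41, 0x42, 0x43, 0x44};   /* constructed */
    struct packet p = { .rewind = 8, .len = 4, .payload = payload };
    struct dev_state s;
    dev_init(&s);
    for (int i = 0; i < 8; i++)
        handler(&s, &p);
    return trusted_bytes_clobbered(&s);
}

/* A legitimate short rewind inside the buffer is still accepted. */
static bool legit_sequence_ok(void) {
    static const uint8_t data[4] = {1, 2, 3, 4};                  /* constructed */
    struct dev_state s;
    dev_init(&s);
    struct packet first = { .rewind = 0, .len = 4, .payload = data };
    struct packet retry = { .rewind = 2, .len = 4, .payload = data };
    return safe_receive(&s, &first) && safe_receive(&s, &retry)
        && s.wr == RX_START + 6 && trusted_bytes_clobbered(&s) == 0;
}

int main(void) {
    printf("vulnerable handler: %zu trusted bytes overwritten\n", run_attack(vuln_receive));
    printf("hardened handler:   %zu trusted bytes overwritten\n", run_attack(safe_receive));
    printf("hardened handler still accepts normal traffic: %s\n",
           legit_sequence_ok() ? "yes" : "no");
    return 0;
}
```

The point of the sketch is the shape of the mistake, not the numbers: a bound that is checked against the wrong base lets each packet move the pointer a little further than it should, and repeating the packet turns a few-byte slip into a steady walk through memory that was supposed to be off limits.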
This sounds a lot like checkm8
It does. In 2019, a famous flaw called checkm8 hit Apple’s older A5 to A11 chips. Those chips ran iPhones from the 4S through the iPhone X. It also lived in the Boot ROM. It could never be fixed. People call usbliter8 a “checkm8-style” flaw. That is because it brings the same unfixable problem to the newer A12 and A13 chips. So the weak spot just moved up one phone generation.
How risky is this for a normal user?
For most people, the daily risk is low. The flaw cannot be used over Wi-Fi, a text, or a bad website. An attacker needs your real phone, special hardware, and time.
- Stolen or lost phones become better targets for skilled attackers.
- Border or police searches, where a phone is taken away, become a bigger worry for people at risk.
- Forensic firms get a new tool for these older models. (Forensic firms are companies that unlock seized phones.)
Your daily data is still safe behind your passcode and encryption. (Encryption scrambles your data so others cannot read it.) A Boot ROM flaw like this does not hand over your passcode or the keys that come from it, which is why a strong passcode matters more, not less, on these phones. But it weakens one layer of safety on these older models. And that layer stays weak forever.
What can Apple do about it?
Very little for the affected phones. The flaw is baked into the chip. No update can erase it. Apple can only make sure newer chips do not repeat the mistake. Apple did not reply to requests for comment when the news came out.
Why it matters (especially for India and founders)
India is full of older iPhones. The iPhone XR and iPhone 11 sold very well here. They stayed popular for years through the second-hand market. Many people still use these exact models today. So this flaw touches a real share of Indian users.
For founders and business owners, there is a sharper lesson. (A founder is a person who starts a company.) Does your team use old company iPhones? Treat them as easy to misuse if lost. A lost or stolen phone is now a bigger risk for these models. Sensitive work data, founder logins, and customer info need phones that stay up to date.
Here is the bigger picture. Trust in hardware does not last forever. A chip that was safe in 2019 can crack open in 2026. This same theme runs through many tech and policy debates today. It goes from device safety to how platforms handle new iOS 27 AI features on the phones we carry.
FAQ
Can someone hack my iPhone remotely with this flaw?
No. The attacker must hold your phone and plug it into special hardware with a cable. It cannot be done over the internet.
Will an Apple update fix this?
No. The flaw lives in code burned into the chip. Apple cannot reach it with a software update. The only real fix is to move to a newer iPhone.
Which iPhones should I worry about?
Phones with A12 or A13 chips. That means the iPhone XS, XS Max, XR, and the iPhone 11 lineup. Newer iPhones are not hit by this flaw.
The takeaway
usbliter8 is serious but narrow. It is unpatchable, which sounds scary. But it needs hands-on access to your phone. Do you use an iPhone XS, XR, or 11? You do not need to panic. Keep a strong passcode. Do not hand your phone to strangers. Plan to upgrade when you can. For everyone else, it is a clear reminder. A phone is only as safe as the chip it is built on.
Source: TechCrunch.