Apple devices exposed by unpatchable 'usbliter8' hardware bug

Security researchers at Paradigm Shift have disclosed an unfixable hardware vulnerability affecting millions of Apple devices. The flaw, named "usbliter8", sits within the USB controller and cannot be resolved through any software update.

The vulnerability stems from a combination of hardware defects and firmware design flaws in Apple's A12, A13, S4 and S5 chips. Because the issue exists at the hardware level, affected devices cannot be secured remotely. Researchers say device replacement is the only long-term fix.

How the attack works

An attacker must first put the device into firmware update mode. They then send specially crafted data through USB, which confuses the USB controller and causes memory to be written in unintended locations.

This corruption allows custom code to execute before iOS fully boots, bypassing signature verification in the process. It enables attackers to load modified system software onto the device, granting them deep access to the operating system itself.

Secure Enclave remains protected

The Secure Enclave, an isolated coprocessor responsible for encryption and biometrics, is not impacted by usbliter8 at all. As a result, encrypted data such as passwords and user credentials remains secured regardless of the exploit.

Devices affected

The vulnerability affects a range of older Apple products. These include the iPhone XR, iPhone XS, iPhone XS Max, iPhone 11, all iPhone 11 variants, and the iPhone SE.

Also affected are the iPad Air 3, iPad mini 5, and iPad 8th and 9th generation. The list extends to the Apple Watch Series 4, Series 5 and Apple Watch SE, as well as the Apple TV 4K (2nd generation) and the Studio Display.

Physical access required

Exploiting the vulnerability requires physical access to the device, meaning remote attacks are not possible. However, the flaw becomes a genuine risk for anyone whose device is lost or stolen.