·
·
Monday, 22 June 2026dailybeirut.com
Tech & Science
A cybersecurity firm revealed a serious hardware flaw in seven older iPhone models with A12 and A13 Bionic processors, exposing sensitive device areas beyond software protection.
A cybersecurity company has identified a significant security vulnerability in several older iPhone models. This flaw allows attackers to access sensitive parts of the devices that bypass existing protection measures, potentially putting millions of users at risk. The vulnerability is linked to the phone's processor itself rather than the operating system, complicating efforts to fix it.
The security gap, discovered by the cybersecurity firm Paradigm Shift, affects seven iPhone models equipped with Apple's A12 and A13 Bionic processors, according to the British newspaper Daily Mail.
The affected devices include the iPhone 11 Pro Max and the second-generation iPhone SE, among others.
Experts have warned that exploiting this flaw could enable unauthorized access to the devices, theft of personal information, installation of hidden spyware, and control over critical phone components.
The core of the vulnerability lies outside the iOS operating system, residing within the processor's hardware components. This makes addressing the issue more complex compared to typical software vulnerabilities.
Researchers have named the flaw "usbliter8" and explained that it exists in an area called BootROM. This is the initial code the phone executes when powered on.
Because the flaw is embedded in the phone's internal hardware, it cannot be resolved through a standard software update. The affected code is permanently integrated into the processor during manufacturing and cannot be rewritten afterward.
The researchers highlighted that the vulnerability exploits the USB controller embedded within the chip. This controller temporarily stores incoming data packets in a small memory area called a buffer during device startup.
By sending a carefully crafted sequence of unusually small data packets, the researchers managed to trick the controller into writing information into protected memory regions that should not be accessible.
Paradigm Shift described the issue as a hardware design flaw rather than a software bug. They noted that newer iPhone models are not affected by this vulnerability because Apple modified the internal component designs in later processor generations.
Some older devices are also unaffected, such as the iPhone X with its A11 processor. This chip includes a mechanism that resets an important memory pointer after processing each USB data packet, preventing exploitation of this flaw.
Despite raising concerns among security experts, the practical risk to most users remains limited. The attack cannot be executed remotely over the internet like many cyberattacks; it requires physical access to the device and specialized equipment.
Researchers emphasized that hardware vulnerabilities are among the most difficult security issues to address, as they are embedded in device components from the time of manufacture.
Separately, iPhone users have recently been warned about financial losses resulting from fraudulent text message scams.
Additionally, a security flaw was uncovered in Apple’s Beats Studio Buds headphones that could allow them to be exploited as eavesdropping devices through a Bluetooth communication weakness.
Apple has cautioned against social engineering attacks, which rely on impersonation, deception, and psychological manipulation to obtain user data.
World Cup 2026
Lebanon
World
Lebanon