Millions of iPhones Have a Flaw Apple Can’t Fix


Millions of Older iPhones and iPads Hit by Unfixable Security Flaw, Researchers Warn


Millions of Apple users may be carrying devices with a security vulnerability that can never be fixed.

Cybersecurity researchers have disclosed a critical hardware-level flaw affecting several older iPhone, iPad, Apple Watch, and Apple TV models, warning that the vulnerability allows attackers with physical access to gain deep control over affected devices. Unlike ordinary software bugs, this flaw is embedded directly in the hardware, meaning no future iOS or iPadOS update can completely eliminate the risk.

The vulnerability, dubbed “usbliter8” by researchers at Paradigm Shift, targets Apple’s A12, A13, S4, and S5 chips. Security experts say the flaw exists within the devices’ BootROM, the low-level code that runs before the operating system starts. Because BootROM is permanently written into the chip during manufacturing, it cannot be patched after the device leaves the factory.

Which Devices Are Affected?

The list includes several popular Apple devices that are still in use worldwide, including:

  • iPhone XS and iPhone XS Max
  • iPhone XR
  • iPhone 11, 11 Pro, and 11 Pro Max
  • iPhone SE (2nd Generation)
  • iPad Air (3rd Generation)
  • iPad Mini (5th Generation)
  • iPad (8th and 9th Generation)
  • Selected iPad Pro models
  • Apple Watch Series 4 and 5
  • Apple Watch SE (1st Generation)
  • HomePod Mini and Apple TV 4K (2nd Generation)

How Serious Is the Threat?

Researchers say attackers would need physical access to a device to exploit the flaw. However, once successfully triggered, the vulnerability could allow hackers to bypass Apple’s security protections, run unauthorized code, extract sensitive data, and potentially gain complete control of the device at a fundamental level.

The exploit works by manipulating how vulnerable devices process USB communications while in Device Firmware Update (DFU) mode. By sending specially crafted USB packets, attackers can interfere with protected memory areas and break Apple’s chain of trust before iOS even loads.

Why Apple Can’t Fix It

Unlike software vulnerabilities that can be corrected through updates, this issue stems from the hardware architecture itself. The flaw exists inside read-only memory embedded in the chip, making it effectively permanent for affected devices. Security researchers say newer Apple devices beginning with the iPhone 12 series are not vulnerable to this specific flaw.

Who Should Be Most Concerned?

For most everyday users, the immediate risk remains relatively low because attackers must physically possess the device. However, journalists, executives, government officials, activists, business leaders, and anyone handling highly sensitive information could face greater risks if their devices are lost, stolen, seized, or temporarily accessed by malicious actors.

Security experts say the most effective protection is upgrading to newer Apple hardware that is not affected by the vulnerability. While strong passcodes, encryption, and physical security remain important, they cannot remove the underlying hardware flaw.

The discovery serves as a reminder that even some of the world’s most secure devices can contain hidden weaknesses that remain dormant for years before researchers uncover them—and in this case, millions of Apple users may be stuck with a flaw that will never truly be fixed.

Ikeh James Certified Data Protection Officer (CDPO) | NDPC-Accredited
