Is Your Old iPhone at Risk? The "usbliter8" Chip Flaw, Explained Calmly
⚡ Quick verdict
- → Only affects iPhone XS, XR, and iPhone 11 (A12/A13 chips). iPhone 12 and newer are safe.
- → Requires physical access + a cable — cannot be triggered remotely.
- → Apple cannot patch it via software — it's in the hardware. Enable USB Restricted Mode now.
If a headline about an "unpatchable iPhone flaw" called usbliter8 landed in your feed this week, here's the short version before the panic sets in: it's real, it's significant in the security research world, but it only affects two specific chip generations — and it cannot be triggered remotely. Here's exactly what happened and what, if anything, you need to do about it.
A Barcelona-based security research firm called Paradigm Shift published technical details of a flaw they're calling usbliter8. It lives inside the Boot ROM — the very first piece of code that runs the instant an iPhone powers on, before the operating system even loads. Researchers found a flaw in that lock, and because it's burned directly into the chip itself, Apple can't push a software update to fix it.
Which iPhones does this actually affect?
This is the part most headlines skip. The flaw only affects two specific Apple chips — the A12 and A13 — which means it's limited to:
- iPhone XS and XS Max
- iPhone XR
- iPhone 11, 11 Pro, and 11 Pro Max
If you're using an iPhone 12 or newer, this vulnerability simply doesn't apply to your device. Apple has shipped several chip generations since the A13, each with its own security architecture, none of which carry this flaw.
Can hackers remotely break into your phone using this?
No — and this is the detail that gets lost the most. Exploiting usbliter8 requires physical access to the device and a direct cable connection. Nobody is going to silently hack your iPhone from across the internet using this flaw. It's not a "click a bad link and you're compromised" situation. It's closer to the kind of technique used by digital forensics labs with a phone physically in front of them — specialized phone-unlocking firms working with law enforcement, not everyday cybercriminals.
A flaw that needs your phone in someone's hands, a cable, specialist tools, and additional chained vulnerabilities is a very different risk category than one that can be triggered from anywhere on the planet. For most people, the realistic threat level is low.
Why can't Apple just patch it?
Boot ROM code is written into the chip at the factory — it's part of the hardware, not the software. Apple can patch iOS constantly, but it cannot rewrite something physically etched into silicon after the fact. The researchers were direct about this: migrating to newer hardware is effectively the only permanent fix, since the flawed code is immutable on these particular chips.
What should you actually do?
A short, calm checklist if you're still carrying one of the affected models:
- Set a strong passcode, not just Face ID. A longer alphanumeric passcode is harder to work around than a short numeric one when the device is locked but powered on.
- Turn on USB Restricted Mode (Settings → Face ID & Passcode → Allow Access When Locked → turn off USB Accessories). This blocks data access over a cable unless the phone has been unlocked recently — closing off exactly the access this exploit depends on.
- Don't hand your phone over or leave it unattended in situations where you don't trust who might have access to it, since physical access is the entire requirement here.
- If you're due for an upgrade anyway, this is a reasonable nudge — not a reason to panic, but a legitimate point in favor of newer hardware next time you're shopping.
If security and scams are on your mind, our guide on how to spot AI scam texts in 2026 covers the updated version of that checklist. And if you've been putting off setting up a passkey for your email, here's why now is the right time.
The bottom line
This is genuinely significant news in the iPhone security world — the kind of disclosure that can eventually enable a public jailbreak for older iPhones, something that's become rare as Apple's defenses have improved. But for the average person on an iPhone 13, 14, 15, or 16, it changes nothing about your day. Even on an affected XS, XR, or 11, the realistic risk is low unless someone with specialized tools has physical access to your device. Update your habits, not your anxiety level.
Frequently asked questions
Which iPhones are affected by usbliter8?
Only iPhones with A12 and A13 chips: iPhone XS, XS Max, XR, iPhone 11, 11 Pro, and 11 Pro Max. iPhone 12 and all newer models are not affected.
Can this flaw be exploited remotely?
No. Exploiting usbliter8 requires physical access to the device and a direct cable connection. It cannot be triggered over the internet or wirelessly.
Can Apple fix this with a software update?
No. The flaw is in the Boot ROM, which is burned into the chip at the factory and cannot be patched via software. Upgrading to newer hardware (iPhone 12 or later) is the only permanent solution.
Technical details sourced from the original Paradigm Shift security disclosure, published June 2026.
Driftnote Editorial Team
We reviewed the original Paradigm Shift security research disclosure and cross-referenced it with Apple's chip documentation before writing this explainer.