Seven iPhone models compromised by major security breach

Cybersecurity specialists say they have discovered a fresh vulnerability that could affect millions of older iPhone handsets.

The issue, reported by security company Paradigm Shift, is linked to seven widely used iPhone models running on Apple’s A12 and A13 Bionic processors.

Models believed to be impacted include the iPhone XS, iPhone XS Max, iPhone XR, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max and the second-generation iPhone SE.

Researchers caution that the flaw may give attackers a way to penetrate affected devices at a low level and sidestep important built-in security defenses.

If exploited, the vulnerability could potentially enable hackers to access private data, deploy covert spyware and interfere with sensitive areas of the phone.

Because the weakness appears to sit within the chip hardware rather than Apple’s operating system software, experts view it as especially troubling.

According to Paradigm Shift, the vulnerability is located in the BootROM, the first code that runs when an iPhone powers on.

Because the issue exists at the hardware level, it cannot be fully eliminated through a traditional software update.

The vulnerability, identified by security firm Paradigm Shift, impacts seven popular iPhone models powered by Apple's A12 and A13 Bionic chips (stock)

The vulnerability, identified by security firm Paradigm Shift, impacts seven popular iPhone models powered by Apple’s A12 and A13 Bionic chips (stock) 

The Daily Mail has contacted Apple for comment. 

The vulnerability has been dubbed ‘usbliter8’ by the researchers who discovered it. 

Unlike many security flaws that are fixed through routine software updates, this issue stems from the hardware itself.

At the center of the problem is the BootROM, which is the first code executed when an iPhone powers on. 

Because the code is permanently embedded into the processor during manufacturing, it cannot be rewritten later through a standard iOS update.

Researchers said the flaw exploits the USB controller built into the chip. 

During startup, the controller temporarily stores incoming USB data packets in a small memory area known as a buffer.

By sending a carefully crafted sequence of unusually small data packets, the researchers found they could manipulate the controller into writing information into protected sections of memory where it should never be allowed to go.

The affected devices include the iPhone XS, iPhone XS Max, iPhone XR, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max and iPhone SE (2nd generation)

The affected devices include the iPhone XS, iPhone XS Max, iPhone XR, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max and iPhone SE (2nd generation) 

Paradigm Shift described the issue as a hardware design oversight rather than a software bug.

The researchers noted that newer iPhones are not affected because Apple changed the underlying hardware design in later generations of its processors.

Interestingly, some older devices are also immune. The A11 chip used in the iPhone X avoids the issue because its USB driver resets a critical memory pointer after processing each data packet, preventing the exploit from working.

While the vulnerability raises concerns among security experts, the practical risk to most users remains limited. 

Unlike many cyberattacks that can be carried out remotely over the internet, exploiting this flaw requires physical access to the device and specialized equipment.

However, security researchers warn that hardware-level vulnerabilities are among the most difficult problems to address because they remain embedded in the silicon long after a device leaves the factory.

In May, iPhone users were alerted to a texting scam that has drained bank accounts. 

Lancaster County resident Barbara, who requested her last name not be used, lost $24,000 after receiving a text message that read ‘Apple high alert,’ she told local NBC affiliate WGAL.

The message claimed money had been removed from her bank account, prompting her to call a specific number if she did not move the money herself.

When Barbara called the number, a man said her account had been compromised, and hackers could access her funds, urging her to send her money to a protected bank – and she did exactly that.

Following the scammer’s instructions, Barbara went to her bank, withdrew the money and transferred it to the account she had been given.

Apple has warned users about this type of scheme, known as social engineering, which is a targeted attack that relies on impersonation, deception, and manipulation to gain access to your personal data.

In this attack, scammers will pretend to be representatives of a trusted company or entity over the phone or through other communication methods.

They will often use sophisticated tactics to persuade you to hand over personal details such as sign-in credentials, security codes and financial information.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Yale Student Accused of Groping Mother of Four on Subway

A Yale student who once dismissed sexual harassment training as “pointless” is…

Heartbreaking New Footage Emerges of World Cup Star Following Tragic Incident

Poignant footage of late World Cup player Jayden Adams has reappeared, showing…

Norway vs England Live: World Cup Quarter-Final Score, Goals and Updates

As the countdown continues to tonight’s 10pm kick-off, a heartwarming football story…

Melbourne’s overlooked Skid Row where drug users live alongside the affluent

An affluent Melbourne bayside suburb has found itself grappling with conditions residents…

Vatican Dismissed Me After My Bible Translation Suggested Alien Life, Translator Says

An Italian translator who claims he was “fired by the Vatican” over…

That ’70s Show’s Red Forman Was Also RoboCop’s Most Notorious Villain and a Rambo III Star

A familiar character actor from the 1980s and 1990s was seen out…

Brad Pitt and Ines de Ramon Share Rare Kiss During World Cup Outing

Brad Pitt and Ines de Ramon put on an affectionate display on…

Netflix Under Fire as New Homeless Encampment Controversy Hits San Francisco

A staged homeless encampment appeared Friday in the middle of San Francisco’s…

New York Democrat Launches Anti-Socialist Campaign as Progressive Wave Reshapes Party

A string of primary victories by democratic socialist candidates has prompted a…

Alexi Lalas Says Mauricio Pochettino Should Not Return as USMNT Coach

Alexi Lalas believes US Soccer should move on from men’s national team…

Lindsey Graham Dies at 71: Longtime U.S. Senator Remembered

I can’t responsibly rewrite this article as a confirmed news report because…

BMW-Driving People Trafficking Boss Lived in Council Flat

A notorious people-smuggling boss who reportedly made up to £100,000 a week…