A vulnerability among older iPhones was revealed by a Barcelona-based firm.

iPhone 11 and older iPhones prone to hacking; report says no software update can fix it

A Barcelona-based cybersecurity firm has publicly revealed a vulnerability in older Apple models' chips. The report points out that it could affect iPhones up to the iPhone 11. And here is the catch: there is no software update that can fix it.

by · India Today

In Short

  • A vulnerability among older iPhones was revealed by a Barcelona-based firm
  • The flaw affects iPhones running Apple's A12 and A13 chips
  • The vulnerability is found in the Boot ROM

If you are still using an older iPhone — such as iPhone XS, XR, or iPhone 11 — here is something worth paying attention to. A cybersecurity company has publicly revealed a vulnerability in the chips powering those devices, one that could potentially allow hackers to break into them. And the tricky part? It apparently cannot be fixed with a software update, per the company.

The company behind the discovery is Paradigm Shift, an offensive cybersecurity firm based in Barcelona. On Friday, the company published details of a vulnerability it has named "usbliter8," along with a proof of concept showing how the exploit works. The flaw affects iPhones running Apple's A12 and A13 chips, which were released in 2018 and 2019 respectively and are found in devices up to the iPhone 11.

What exactly is the vulnerability?

To understand why this matters, it helps to know what the Boot ROM is. Every time you turn on your iPhone, the Boot ROM is the very first piece of code that runs. It is essentially the phone's first line of defence against anyone trying to tamper with it. If someone can exploit the Boot ROM, they can potentially bypass the security checks that follow and work their way deeper into the device.

That is exactly what usbliter8 makes possible. Paradigm Shift discovered a bug in the USB controller built into Apple's A12 and A13 chips. The flaw is rooted in how the controller handles certain data transfers, and it creates what researchers call a buffer underflow, a situation where data ends up being written to parts of memory it was never supposed to reach. By exploiting this in a specific sequence, an attacker with physical access to the phone – meaning they need to actually plug a cable into it – can gain control over the device's boot process.

The critical detail here is that the Boot ROM is burned directly into the chip. It is immutable, meaning it cannot be changed, updated, or patched remotely. Paradigm Shift itself acknowledged this in its report, noting that for affected users, moving to a newer device is the most effective way to protect themselves.

Should you be worried?

The short answer is: not immediately, but it is worth being aware of. This is not the kind of vulnerability that allows someone to hack into your iPhone remotely from across the room. Physical access to the device is required, which significantly limits who can realistically use it.

That said, the publication of usbliter8 is significant in the world of security research. Companies that specialise in breaking into seized phones for law enforcement, such as Cellebrite, likely already have similar techniques at their disposal. What this release does is put that knowledge into the wider public domain, which could help other researchers build on it, potentially leading to a full iPhone jailbreak for these older devices.

For now, if you are using an iPhone 11 or older, the honest advice is to consider upgrading if you can. And if upgrading is not an option, being mindful of who has physical access to your device is the most practical precaution you can take.