Cybersecurity researchers have identified a major security vulnerability affecting several older iPhone models, raising concerns over potential deep-level device exploitation.
The flaw, uncovered by security firm Paradigm Shift, reportedly impacts seven iPhone models powered by Apple’s A12 and A13 Bionic chips.
The affected devices include the iPhone XS, iPhone XS Max, iPhone XR, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, and iPhone SE (2nd generation).
Hardware-level vulnerability
Researchers say the issue is not a typical software bug but a hardware-level flaw embedded in the BootROM — the first code that runs when an iPhone is powered on.
Because the BootROM is permanently built into the processor, it cannot be fully patched through standard iOS updates, making the vulnerability particularly concerning.
The flaw reportedly affects how the device handles USB data during startup. Security researchers say carefully crafted input could potentially manipulate memory processes, leading to unauthorized access to protected system areas.
Potential risks for users
Experts warn that if exploited, the vulnerability could allow attackers to:
- Access sensitive personal data
- Install hidden spyware
- Bypass key security protections
- Gain deeper system-level control of the device
However, researchers emphasize that the risk to everyday users is currently limited, as exploitation would require physical access to the device and specialized tools.
Which devices are safe?
Newer iPhone models are not affected because of changes in Apple’s hardware architecture. Some older devices, such as those using the A11 chip, are also reportedly immune because of different system design protections.
Apple has not yet issued a detailed public response regarding the newly reported vulnerability. Security analysts expect further clarification as investigations continue.
Background
The report comes amid increasing awareness of cybersecurity threats targeting mobile devices, including phishing and social engineering scams designed to trick users into revealing sensitive financial and login information.
In recent months, users have also been warned about impersonation scams where attackers pose as Apple representatives to steal money and personal data.







