
Older iPhones have an unfixable security flaw - why it can't be patched and the models affected

Why This Matters

The discovery of an unpatchable security flaw in older iPhones with A12 and A13 chips highlights the ongoing challenges in device security, especially for flaws that a software update cannot fix. While the vulnerability requires physical access and doesn't compromise user data directly, it underscores the importance of hardware security and the risks posed by legacy devices in the tech industry. Consumers with older iPhones should remain cautious, as these vulnerabilities may be exploited if malicious actors gain physical access to the devices.


The notch at the top of an iPhone XS Max. Image: Maria Diaz / ZDNET


ZDNET's key takeaways

A security flaw in certain iPhones leaves them vulnerable.

The flaw affects iPhones with an A12 or A13 processor.

The flaw is ROM-based, so Apple can't patch it with a security update.

Do you still use an iPhone 11, XS, XR, or SE? If so, I have some bad news. Yep, another security flaw has been discovered, and Apple can't fix this with one of its typical updates.

In a blog post published on Thursday, cybersecurity firm Paradigm Shift revealed a security vulnerability that it discovered and successfully exploited in older-model iPhones with Apple's A12 or A13 chip. Dubbed usbliter8, the flaw affects an iPhone's boot ROM code, also known as SecureROM, which executes before the operating system loads. By exploiting usbliter8, an attacker could install their own malicious code or run unauthorized commands on a victimized iPhone.


Because the flaw is in the device's ROM, Apple can't patch it via a software update. The only saving grace is that the flaw can't be triggered remotely. An attacker would need physical access to your phone. They would also need enough time to restart your device and enough know-how to take advantage of the exploit.
