Unpatchable iPhone Vulnerability: Critical BootROM Flaw Affects Older Models
Security researchers have identified an unpatchable vulnerability in older iPhones that could allow unauthorized access to device data, according to multiple independent reports. The flaw, embedded in the BootROM of Apple’s A12 and A13 chips, affects devices including the iPhone 6s, 7, 8, and 11 models, according to t3n, heise online, and Golem. The issue, first disclosed by researchers at the Chaos Communication Congress in late 2023, remains unresolved as of early 2024, with no official patch from Apple.
The vulnerability exploits a hardware-level flaw in the Secure Enclave, a dedicated processor within Apple’s SoCs designed to safeguard sensitive data like biometric information and encryption keys. Researchers from the group 31C3 noted that the flaw is “unpatchable” because the BootROM code is permanently stored in read-only memory, making it impossible to update via software. “Once a device is manufactured with this flaw, it remains vulnerable for its entire lifecycle,” said a researcher cited by Golem. Apple has not publicly acknowledged the issue or provided a workaround.
Devices impacted by the flaw include the iPhone 6s, 7, 8, and 11, as well as select iPad models with A12 or A13 chips, according to Mac Life. The vulnerability’s reach extends to Apple Watches paired with these devices, as noted by WinFuture. Security experts warn that the flaw could enable attackers to bypass encryption, extract stored data, or install persistent malware. “This isn’t a software bug—it’s a fundamental design flaw in the hardware,” said a cybersecurity analyst quoted in heise online. “There’s no way to mitigate it without replacing the chip.”
The flaw, dubbed “Usbliter8” by some researchers, was first highlighted in a technical paper presented at the 31C3 conference in December 2023. The paper detailed how the BootROM’s code could be exploited during the device’s boot process to execute arbitrary code. Apple’s BootROM is designed to verify the integrity of the operating system before loading it, but the vulnerability allows attackers to manipulate this verification step. “This creates a backdoor that could be used for jailbreaking or malicious firmware installation,” the paper stated. No known attacks exploiting the flaw have been reported as of early 2024.

Apple has not issued a public statement addressing the vulnerability, despite multiple inquiries from media outlets. The company’s support documentation for affected devices does not mention the issue, and no firmware updates have been released to address it. “We are aware of the reports and are investigating the matter,” an Apple spokesperson said in a statement provided to t3n. “Users are advised to keep their devices updated with the latest software, as Apple regularly releases security patches.”
The discovery has raised concerns about the long-term security of older devices, particularly as Apple shifts focus to newer models with updated hardware. Security researchers emphasized that users of affected devices should avoid connecting to untrusted USB ports or downloading unsanctioned software, which could increase the risk of exploitation. “This is a wake-up call for users to consider the lifecycle of their hardware,” said a researcher from the Chaos Communication Congress. “Even devices considered secure can have hidden vulnerabilities that outlive their support.”
