A newly released exploit for iOS devices could mean that every iOS device with an Apple A5 through Apple A11 processor can be jailbroken.
The new checkm8 exploit is said to work on everything from the iPhone 4S (2011) through the iPhone X (2017), plus most iPads and iPod touch models released during that period.
Oh, and unlike most vulnerabilities that can be used to jailbreak an iOS device, it looks like this one will be virtually impossible for Apple to patch via an over-the-air update.
EPIC JAILBREAK: Introducing checkm8 (read “checkmate”), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
— axi0mX (@axi0mX) September 27, 2019
That’s because the checkm8 exploit leverages a vulnerability in the bootrom, the code that runs when an iOS device first boots. The bootrom is stored in read-only memory, so it’s not overwritten when Apple pushes a new version of its operating system.
The person behind checkm8 notes that it’s the first publicly released bootrom exploit since the iPhone 4, which was released in 2010.
In recent years, public disclosures of iOS vulnerabilities have become rather rare. It’s not necessarily that the vulnerabilities aren’t out there so much as that the folks who used to hunt for them for free are now joining security firms or doing independent research and then selling their discoveries to the highest bidder.
The public release of an exploit like checkm8 is a double-edged sword. On the one hand, since the information is available to anybody it can be used by security researchers and developers alike. On the other, it can also be used by folks who want to create malware.
The good news is that, for now at least, you need to connect a vulnerable iOS device to a computer via a USB cable to do anything with checkm8, so it’s unlikely that your older iPhone will be infected while you’re surfing the web.
And if you want to install apps that aren’t available in the App Store or access settings and features that aren’t normally available, you may eventually be able to jailbreak your phone and install a third-party app store like Cydia.
You may have to wait a little while to do that, though. For now, checkm8 is just an exploit, not a full-fledged tool for jailbreaking. It’s probably just a matter of time until someone packages the exploit into a user-friendly utility that you can use to jailbreak older iPhones, iPads, and iPod touch devices.
Update: Ars Technica has an interview with axi0mX, the hacker behind the checkm8 exploit. Among other things, the site explains that the exploit only enables tethered jailbreaks, which means that you’ll need to re-jailbreak your phone any time you reboot your device. But there’s also more information about why Apple will probably never be able to patch this vulnerability on hundreds of devices that have already shipped.
The exploit also doesn’t affect the Secure Enclave on newer iPhones, which means that even if a malicious hacker were to obtain physical access to your phone, they wouldn’t be able to access your data without your login credentials — although it is possible that someone could install malware that could run *after* you’ve logged in. More details are in the Ars Technica interview.
via CNET, The Verge, and Hacker News