There is a new exploit that can permanently jailbreak iPhones from the iPhone 4S through the iPhone 8 and iPhone X. These devices run on chips ranging from the A5 to the A11. According to axi0mX, the researcher who discovered the vulnerability, it does not affect the A12 and A13, so Apple's latest phones are unaffected.
What this means...
Dubbed checkm8, the exploit leverages "unpatchable" security weaknesses in Apple's Bootrom (SecureROM), the first significant code that runs on an iPhone while booting; exploiting it provides system-level access below iOS itself. Because the bug lives in the bootrom, it could give attackers deep access to iOS devices at a level Apple cannot block or patch out with a future software update. This is one of the biggest developments in the jailbreak community, and hundreds of millions of iPhone devices are affected.
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
— axi0mX (@axi0mX) September 27, 2019
The features the checkm8 exploit enables are listed below:
- Jailbreak and downgrade iPhone 3GS (new bootrom) with alloc8 untethered bootrom exploit.
- Pwned DFU Mode with steaks4uce exploit for S5L8720 devices.
- Pwned DFU Mode with limera1n exploit for S5L8920/S5L8922 devices.
- Pwned DFU Mode with SHAtter exploit for S5L8930 devices.
- Dump SecureROM on S5L8920/S5L8922/S5L8930 devices.
- Dump NOR on S5L8920 devices.
- Flash NOR on S5L8920 devices.
- Encrypt or decrypt hex data on a connected device in pwned DFU Mode using its GID or UID key.
How to use the vulnerability according to axi0mX
It's still early days for the checkm8 exploit. There's no actual jailbreak yet, meaning that you can't simply download a tool, crack your device, and start installing apps and modifications to iOS. axi0mX also notes that his exploit cannot be performed remotely: it can only be triggered over USB and requires physical access to the device. Apple hasn't responded. Since bootrom exploits are hardware-level issues that cannot be fixed without a hardware revision, a software update alone can't address the newly released exploit.
Jailbreaking an iPhone essentially gives you root access to your device so you can install third-party software and modifications, known as tweaks, that customize its behaviour and appearance. There's still an active community of users who insist on having total control over their phones and tablets, despite Apple's efforts to provide a better experience within its own restrictions.
Source: The Hacker News