Apple's iPhone is considered to be one of the most secure smartphones on the planet. However, it is not immune to threat vectors that could jailbreak the device. A newly discovered iOS exploit is so severe that it could lead to a permanent jailbreak on hundreds of millions of iPhones. The exploit was discovered by researcher axi0mX and has been dubbed “checkm8” (read “checkmate”). The bootrom vulnerability enables a permanent, unpatchable exploit for hundreds of millions of active iOS devices.
The exploit affects iPhones powered by chips from the older Apple A5 through the newer Apple A11. In other words, it affects devices ranging from the iPhone 4S to the iPhone 8 and iPhone X. The researcher explains that the exploit gives hackers deep access to iOS that Apple would be unable to block or patch with a future update. While jailbreaking has lost its sheen, this new exploit will make it the biggest success for the hacking community in years. As a bootrom exploit, it takes advantage of a security vulnerability in the initial code that iOS devices load when they boot up.
The researcher notes that since this code lives in ROM (read-only memory), it cannot be overwritten or patched by Apple. This leaves millions of devices exposed to hacking and permanent jailbreak. The last iOS device with a public bootrom exploit was the iPhone 4, which was released in 2010. In a follow-up tweet, axi0mX notes that Apple patched a critical use-after-free vulnerability in iBoot USB code during the iOS 12 betas in the summer of 2018. That patch is what led to the discovery of this bootrom exploit.
EPIC JAILBREAK: Introducing checkm8 (read “checkmate”), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
— axi0mX (@axi0mX) September 27, 2019
The vulnerability can only be triggered over USB and requires physical access. It cannot be exploited remotely, which should be seen as a relief. While the exploit can be seen as a threat vector, it is also seen as a tool by jailbreakers and developers. “A bootrom exploit for older devices makes iOS better for everyone. Jailbreakers and tweak developers will be able to jailbreak their phones on latest version, and they will not need to stay on older iOS versions waiting for a jailbreak,” the researcher explained.
If you own an iPhone X or an older model, there is no need for you to panic right away. There is no actual jailbreak available yet for checkm8, and you cannot download a tool and crack an iPhone to make modifications. However, it will allow developers and researchers to use checkm8 as an entry point into the newest version of iOS on older devices and find new bugs. Apple also accidentally unpatched a vulnerability that opens modern iOS devices to jailbreaks. As axi0mX notes, “Jailbreaking is not dead. Not anymore. Not today, not tomorrow, not anytime in the next few years.”