A security expert has released a new jailbreak, dubbed Checkm8, that impacts all iOS devices running on A5 to A11 chipsets , it works on iPhone models from 4S to 8 and X.
The security expert Axi0mX has released a new jailbreak, dubbed Checkm8, that works on all
Checkm8 leverages vulnerabilities in the Apple Bootrom (secure boot ROM) to achieve full control over their device.
“The bootrom (called “SecureROM” by Apple) is the first significant code that runs on an iDevice. The bootrom is read-only. Finding exploits in the bootrom level is a big achievement since Apple won’t be able to fix it without a hardware revision.” reads a description for the BootRom.
The expert who devised the Checkm8 jailbreak described it as “a permanent
Bootrom jailbreaks are very dangerous because they are permanent and can’t be addressed via software, in order to patch a Bootrom flaw it is necessary to physical modify the chipsets.
Axi0mX’s jailbreak code is marked as a “beta” release, but there is the concrete possibility that experts coders or intelligence agencies will integrate it in hacking tools and malware.
“What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt
“Features the exploit allow include:
- Jailbreak and downgrade iPhone 3GS (new
bootrom ) with alloc8untethered bootrom exploit. 🙂 Pwned DFU Mode with steaks4uce exploit for S5L8720 devices.Pwned DFU Mode with limera1n exploit for S5L8920/S5L8922 devices.Pwned DFU Mode with SHAtter exploit for S5L8930 devices.- Dump SecureROM on S5L8920/S5L8922/S5L8930 devices.
- Dump NOR on S5L8920 devices.
- Flash NOR on S5L8920 devices.
- Encrypt or decrypt hex data on a connected device in
pwned DFU Mode using its GID or UID key.“
Currently, the jailbreak does not work on Apple’s latest two A12 and A13
Experts pointed out that the jailbreak needs physical access to the device, so and could not be used remotely.
“During iOS 12 betas in summer 2018, Apple patched a critical use-after-free vulnerability in
“That’s how I discovered it. It is likely at least a couple other researchers were able to exploit this vulnerability after discovering the patch. The patch is easy to find, but the vulnerability is not trivial to exploit on most devices.”
|
(SecurityAffairs – Checkm8, hacking)