An iOS hacker and security researcher has published what they describe as a "permanent unpatchable bootrom exploit", an epic jailbreak that works on every iOS device from the iPhone 4s (A5 chip) through the iPhone X (A11 chip).
Dubbed Checkm8, the exploit takes advantage of security weaknesses that cannot be fixed in Apple's Bootrom (SecureROM), the first significant code that runs on an iPhone at boot; compromising it gives an attacker deep access to the rest of the system.
"EPIC JAILBREAK: Introducing checkm8 (read 'checkmate'), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices," said axi0mX, announcing the release of the exploit on Twitter.
This new exploit came exactly one month after Apple released an emergency patch for another critical jailbreak vulnerability affecting Apple devices, including the iPhone XS, XS Max and XR, as well as the 2019 iPad Mini and iPad Air, running iOS 12.4 and iOS 12.2 or earlier.
Because bootrom vulnerabilities are hardware-level problems that cannot be fixed without a hardware revision, no software update can address the newly released bootrom exploit.
It should be noted that Checkm8 is not a complete jailbreak with Cydia, but an exploit that researchers and the jailbreak community can use to develop a fully functional jailbreak tool.
The features the Checkm8 release supports are listed below:
- Jailbreak and downgrade the iPhone 3GS (new bootrom) with the alloc8 untethered bootrom exploit.
- Pwned DFU mode with the steaks4uce exploit for S5L8720 devices.
- Pwned DFU mode with the limera1n exploit for S5L8920 / S5L8922 devices.
- Pwned DFU mode with the SHAtter exploit for S5L8930 devices.
- Dump SecureROM on S5L8920 / S5L8922 / S5L8930 devices.
- Dump NOR on S5L8920 devices.
- Flash NOR on S5L8920 devices.
- Encrypt or decrypt hex data on a connected device in pwned DFU mode using its GID or UID key.
"This is possibly the biggest news for the iOS jailbreak community in years, and I am releasing my exploit for free for the benefit of the iOS jailbreak and security research community," said axi0mX, who published the exploit on GitHub.
"Researchers and developers can use it to dump SecureROM, decrypt keybags with the AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG."
axi0mX says the underlying bootrom vulnerability was discovered by analyzing a security patch Apple released in 2018 to address a previously found USB vulnerability in iBoot.
axi0mX also points out that the exploit cannot be triggered remotely: it can only be launched over USB and therefore requires physical access to the device.
The exploit only works on iPhones with Apple's A5 through A11 chipsets and does not affect the two latest chipsets, the A12 and A13.