iOS Exploit Could Leave Millions of iPhones Vulnerable to Permanent Jailbreaking

iPhone and iPad models launched between 2011 and 2017 are said to be vulnerable.

By Nadeem Sarwar | Updated: 28 September 2019 15:20 IST

iOS Exploit Could Leave Millions of iPhones Vulnerable to Permanent Jailbreaking

The vulnerability exists in devices with Apple chips from A5 to A11 series

Highlights

Checkm8 is a bootrom exploit that can’t be patch by software updates
iPhone 4S and later models, all the way up to iPhone X, are vulnerable
The vulnerability is in the device’s read-only memory (ROM)

Apple earlier this month released a fix with the iOS 12.4.1 update to patch a bug that could allow hackers to jailbreak an iPhone. It appears that the respite for Apple is not long-lasting. A new exploit in iOS, classified as a bootrom vulnerability, has been spotted. It reportedly makes it possible to permanently jailbreak an iPhone. The vulnerability affects all iPhone models, from iPhone 4s to iPhone X. But the scary part is that the exploit can't be patched via a software update, leaving millions of iPhones across the globe vulnerable to jailbreaking.

The exploit, which has been named “checkm8”, was discovered by a security researcher who goes by the name @axi0mX on Twitter. The researcher also shared what he calls “open-source jailbreaking tool for many iOS devices” on GitHub that is meant for researchers and is not a full-fledged jailbreak tool compatible with Cydia. The tool can be used to downgrade to an older version of iOS, but definitive proof of it being done is yet to arrive, and there are still a lot of loose ends.

The tool is currently in beta and also comes with the risk of bricking the iPhone on which it is tried. The security expert behind the discovery notes that the iPad and iPhone models, starting with the iPhone 4S and up to the iPhone X, ship with the exploit, which means anyone with the right tools and access to the phone can jailbreak it. The biggest worry is that checkm8 is a bootrom exploit, and that means Apple can't patch it by sending a software update. So, the devices mentioned above will continue to remain vulnerable.

In order to perform the jailbreak, one needs physical access to an iPhone and a computer to connect both the devices via a USB cable, as the jailbreak can not be performed remotely. But the person who discovered it mentions that it is possible to create a cable or dongle than can take advantage of the exploit to jailbreak an iPhone without even requiring a computer in the first place. Apple is yet to release a statement regarding the new discovery, but the researcher who discovered it claims checkm8 is “the biggest news in iOS jailbreak community in years.”

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.