Unpatchable bootrom jailbreak comes out for iPhone 4S through iPhone X


A security researcher has published a new iOS jailbreak. It works on devices with chipsets from the A5 through the A11 series, which includes the iPhone X. It relies on a bootrom vulnerability, which means the flaw cannot be patched in software.

The jailbreak, called Checkm8, was published on September 27 by axi0mX and is available as a beta on GitHub. Because it targets a bootrom vulnerability, Checkm8 cannot be patched in software. Bootrom exploits are rare; they can only be fixed by physically changing the chip. Apple has made the bootrom code increasingly hard for developers to access in recent years.

The new ‘jailbreak’ is actually mainly a tool for performing a bootrom dump. That is different from previous jailbreaks, where, for example, Cydia could be installed. Axi0mX has put the tool on GitHub in the hope that other developers will continue working on the exploit. With the exploit, they can not only dump the SecureROM but also, among other things, decrypt iOS keybags via the AES engine or enable JTAG. It is a tethered jailbreak: the user must first connect the phone via USB. It is nevertheless described as a permanent jailbreak, in that it continues to exist even after a reboot.

Checkm8 works on all Apple devices from the iPhone 4S through the iPhone X, which use Apple’s A5 to A11 chips. According to axi0mX, the vulnerability was fixed during the iOS 12 beta period in the summer of 2018. With that version of iOS, Apple patched a vulnerability in the iBoot code, after which the flaw could no longer be exploited via USB. Currently, axi0mX has not yet made the jailbreak work on devices older than the iPhone 4S, but he expects it to be possible with some extra effort. The last Apple device with a bootrom exploit was the 2010 iPhone 4.

According to the discoverer, the vulnerability was easy to find, but exploiting it was not. The exploit only works when someone has physical access to a device via USB. An older iPhone therefore cannot be rooted remotely by someone with bad intentions.
