Skip to main content

Unpatchable iOS flaw used to jailbreak older iPhones

A security researcher has released a new jailbreak which impacts all of Apple's mobile devices released between 2011 and 2017 including iPhone models from the 4S up to the iPhone 8 and even the iPhone X.

However, this jailbreak differs from those released in the past because it utilizes a new unpatchable exploit called Checkm8 that exploits vulnerabilities in Apple's Bootrom (secure boot ROM) to give iOS users full control over their devices.

The Checkm8 vulnerability was published by a security researcher called AxiomX who explained to ZDNet that he had worked on the jailbreak all year. 

AxiomX said on Twitter that Checkm8 is “a permanent unpatchable bootrom exploit” which means this jailbreak is far more extensive and efficient than those previously released for Apple's iPhone.

Bootrom jailbreak

In addition to being quite rare, bootrom jailbreaks are also permanent and can't be fixed with a patch. To fix a Bootrom vulnerability permanently would require a silicon revision and even a company as large as Apple would not want to issue a mass recall for iPhones just to modify device chipsets.

This means that the Checkm8 jailbreak is permanent and will work in perpetuity on the devices that have installed it. The last time a Bootrom-based jailbreak was released was back in 2009 and many believed that Apple had managed to secure its boot-up process and make these types of jailbreaks impossible since that time.

AxiomX's jailbreak is currently available on GitHub as a beta release though technical skills are required to install it as it has the potential to easily brick devices.

While a jailbreak of this kind could be used to install unofficial apps on iPhones, the Checkm8 vulnerability could also be exploited by hackers to root devices but this would require physical access to a device.

Via ZDNet



from TechRadar - All the latest technology news https://ift.tt/2o0jvhP

Comments

Popular posts from this blog

The future of Magic Leap's promising AR efforts dim after layoffs

The Magic Leap Two is now further away than ever, unfortunately. Today in a blog post the augmented reality pioneer announced major layoffs and has decided to cut up to half of its workforce, according to some reports. The original Magic Leap One was supposed to be one of the first mainstream augmented reality headsets when it launched in 2018, but a high price point and lack of interest from developers left the headset high and dry after launch. According to the blog post, Magic Leap says it will be focusing its efforts on enterprise solutions (a statement HTC has made recently as well) and shift its focus away from consumer technology… at least for the time being.  The company has been open about creating a second headset that would offer improved specs for some time, but how that work will now have to go forward without half of the team , according to some estimates, remains to be seen. Is the window closing on augmented reality?  Although it’s just one company, Magic...

Google Docs, Search and Translate and pushing Edge users to switch to Chrome

Microsoft's new and improved Edge browser seems to be giving Google some cause for concern, and the company is now using its hugely popular online services to nudge recently converted Edge users back towards Chrome. Last week, it emerged that Google was attempting to scare Edge users into switching browsers when they visited the Chrome Web Store to grab some extensions. Chrome and Edge use the same Chromium engine, so plug-ins built for one will work in both. However, users visiting the Chrome Web Store using Edge are now shown a warning message stating "Google recommends switching to Chrome to use extensions securely." Find out how to get Chrome dark mode You can also get Gmail dark mode Finally, why not try WhatsApp dark mode ? As TechDows and MicrosoftPoweruser report, Google is now becoming even more pushy, presenting Edge users with pop-up alerts when they visit various services, including Docs, Translate, Search and Drive. Feeling tempted? These notifica...