Unpatchable iOS flaw used to jailbreak older iPhones

(Image credit: StockSnap/Pixabay)

A security researcher has released a new jailbreak which impacts all of Apple's mobile devices released between 2011 and 2017 including iPhone models from the 4S up to the iPhone 8 and even the iPhone X.

However, this jailbreak differs from those released in the past because it utilizes a new unpatchable exploit called Checkm8 that exploits vulnerabilities in Apple's Bootrom (secure boot ROM) to give iOS users full control over their devices.

The Checkm8 vulnerability was published by a security researcher called AxiomX who explained to ZDNet that he had worked on the jailbreak all year.

New law enforcement hacking tool can unlock most iPhone, Android handsets
iPhones hacked by malicious websites
Apple issues critical iOS patch to plug slip-up that allowed jailbreaking

AxiomX said on Twitter that Checkm8 is “a permanent unpatchable bootrom exploit” which means this jailbreak is far more extensive and efficient than those previously released for Apple's iPhone.

Bootrom jailbreak

In addition to being quite rare, bootrom jailbreaks are also permanent and can't be fixed with a patch. To fix a Bootrom vulnerability permanently would require a silicon revision and even a company as large as Apple would not want to issue a mass recall for iPhones just to modify device chipsets.

This means that the Checkm8 jailbreak is permanent and will work in perpetuity on the devices that have installed it. The last time a Bootrom-based jailbreak was released was back in 2009 and many believed that Apple had managed to secure its boot-up process and make these types of jailbreaks impossible since that time.

AxiomX's jailbreak is currently available on GitHub as a beta release though technical skills are required to install it as it has the potential to easily brick devices.

While a jailbreak of this kind could be used to install unofficial apps on iPhones, the Checkm8 vulnerability could also be exploited by hackers to root devices but this would require physical access to a device.

Also check out the best iPhone VPN apps of 2019

Via ZDNet

TOPICS

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.