MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,102
15,887



A security researcher who goes by "axi0mX" on Twitter today released "checkm8," which he claims is a bootrom exploit for iOS devices equipped with A5 through A11 chips, including the iPhone 4S through iPhone X, several iPad models dating back to the iPad 2, and the fifth-generation iPod touch and later.

trio-iphones-ios.jpg

This would be the first publicly released bootrom exploit since the iPhone 4 in 2010 and pave the way for a permanent, non-patchable jailbreak on hundreds of millions of affected iOS devices. Since the bootrom is read-only, Apple cannot patch this type of exploit with a software update.

EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG - axi0mX (@axi0mX) September 27, 2019

The bootrom exploit has many other possibilities on affected devices, including downgrading iOS versions without SHSH blobs or APTickets, dual booting iOS, and running custom firmwares, according to jailbreak enthusiasts.

This is significant news in the jailbreaking community, as the last bootrom exploit known as "limera1n" was released by George "geohot" Hotz nearly a decade ago for devices with A4 chips and earlier, including the iPhone 4, iPhone 3GS, the third- and fourth-generation iPod touch, and the original iPad.

Article Link: Checkm8 Exploit Opens Door to Unpatchable Jailbreak on iPhone 4S Through iPhone X
 

zorinlynx

macrumors 604
May 31, 2007
6,782
11,810
Florida, USA
This can't be good for the security of these devices...
And have malware installed or spying on you. No thanks. Apple should have gotten their sh** together and not have had the exploit open for nearly a week.

This is a bootrom exploit. It can only be exploited when the device is in DFU recovery mode and will not affect the security of devices being used normally.

This is really the best kind of jailbreak exploit because only the people who really want to go out of their way to jailbreak can use it. Regular users are safe; all it means is that people can do whatever they like with these devices they own now.
 
Comment

realtuner

Suspended
Mar 8, 2019
1,714
5,053
Canada
Meh, nothing to worry about.

If this could be done on someone else’s iPhone without their knowledge, that that would be a massive security hole. As is it poses no threat to anyone and is more of a curiosity people can play around with.

The “unpatchable” part is misleading. Apple can’t patch a device that’s had this performed, but they sure can make changes to iOS to prevent this from working in the future.
 
Comment

rjohnstone

macrumors 68040
Dec 28, 2007
3,743
4,102
PHX, AZ.
Similar to unlocking the boot loader on an Android device.
This does have security implications as it will allow devs to get into the secure boot area for more detailed analysis.
Being able to decrypt and dump the entire secure boot rom must have law enforcement agencies drooling.
 
  • Like
Reactions: Romeo_Nightfall
Comment

centauratlas

macrumors 65816
Jan 29, 2003
1,447
2,521
Florida
This is a bootrom exploit. It can only be exploited when the device is in DFU recovery mode and will not affect the security of devices being used normally.

This is really the best kind of jailbreak exploit because only the people who really want to go out of their way to jailbreak can use it. Regular users are safe; all it means is that people can do whatever they like with these devices they own now.

I reality, "regular users" are NOT safe. If your phone is ever stolen or lost someone will have physical access to your device and then is able to potentially access EVERYTHING on it. Or even if someone just has access to the phone for a little while, they could install spyware/malware and you would probably not know it.

This is a huge deal IF true.

(Of course, the cynic will say, "ah ha, this will enable a huge replacement cycle...lol. And those companies selling exploits to law enforcement and authoritarian governments could see their market dry up.)
 
Last edited:
Comment

honglong1976

macrumors 68000
Jul 12, 2008
1,519
966
UK
I haven't been jailbroken since the 3G, what's the big draw of a jailbreak now a days?
Copied games. Although as annoying as DLC is, and paying to unlock the game. It is a good method to prevent copied games. Although, those dodgy guys always find a way!
 
Comment

zorinlynx

macrumors 604
May 31, 2007
6,782
11,810
Florida, USA
I reality, "regular users" are NOT safe. If your phone is ever stolen or lost someone will have physical access to your device and then is able to potentially access EVERYTHING on it. Or even if someone just has access to the phone for a little while, they could install spyware/malware and you would probably not know it.

This is a huge deal.

(Of course, the cynic will say, "ah ha, this will enable a huge replacement cycle...lol.)

They will still need your passcode to decrypt the key for the data partition on the phone. They won't have access to anything without your passcode. Apple has thought this stuff through.
 
Comment

Khedron

Suspended
Sep 27, 2013
2,561
5,732
I reality, "regular users" are NOT safe. If your phone is ever stolen or lost someone will have physical access to your device and then is able to potentially access EVERYTHING on it. Or even if someone just has access to the phone for a little while, they could install spyware/malware and you would probably not know it.

This is a huge deal.

(Of course, the cynic will say, "ah ha, this will enable a huge replacement cycle...lol.)

Tim just had to put up that billboard...

apple.jpg

[automerge]1569596438[/automerge]
They will still need your passcode to decrypt the key for the data partition on the phone. They won't have access to anything without your passcode. Apple has thought this stuff through.

Once the data is copied off the phone can't you brute force it without fear of being locked out? What's the encryption like?
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.