Security researcher axi0mX has announced the release of checkm8, a new permanent unpatchable bootrom exploit for the iPhone 4S to iPhone X!
EPIC JAILBREAK: Introducing checkm8 (read “checkmate”), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).
Jonathan Levin notes that this means iPhone X and earlier devices can be booted to any iOS version with no SHSH/APTickets, booted to any OS (e.g. Android), and potentially compromised by an attacker; however, a password would still be required for private data.
Not “possibly the biggest”. THE Biggest. Congratulations to @axi0mx! Thankfully AAPL eventually patched this – the stuff Cellebrite , Grey key etc base their entire business model on. For researchers,this is a great boon:Brings back tethered, JB&opens up dual boot, for life!
Axi0mX is releasing the exploit for free to benefit the iOS jailbreak and security research community.
“What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG. Maybe someone can figure out a nice way to use JTAG on iPhone without proprietary hardware and software. I and many others would be forever grateful if someone makes that possible.”
Apple patched this exploit in the summer of 2018. It was via this patch that axi0mX was able to discover the vulnerability; however, it was not trivial to exploit.
Notably, pwn20wnd has already expressed interested in turning the exploit into a full working jailbreak with Cydia.
The Bootrom exploit may take some time to implement in a jailbreak but I am interested in it — I will still be continuing the development of the unc0ver jailbreak and will soon push a major stability update for A12. Stay tuned.
You can download checkm8 from here.