Apple’s jailbreak just became easier.
While a jailbreak is technically illegal, Apple users have been doing them since the launch of the very first iPhone. The motive being the increased control over the device, something that’s easily found in its archrival – Android.
However, making these jailbreaks isn’t easy either, it’s a tedious process that Apple has increasingly tried to block users from. Just last month, a patch was issued for one such vulnerability on certain Apple devices comprising of the iPhone X, XS Max, XR, the 2019 iPad Mini & iPad Air which were running iOS versions 12.4,12.2 or earlier ones.
Yet, a few hours ago, a cybersecurity researcher and iOS hacker who goes by the handle of @axi0mX has tweeted a new method named “checkm8“ which allows one to get around the company’s security protocols.
It basically exploits Apple’s Bootrom which contains the code that runs upon starting the iPhone. Hence, just like in Windows, it is one of the very first levels where users could exercise greater control if access is gained.
Moreover, since the exploit is not on the software level, it cannot be patched without Apple having physical access to the millions of iOS devices out there – an impossible feat due to the company’s large scale. Plus, why would users turn in their iPhones en masses themselves? Far fetched.
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
— axi0mX (@axi0mX) September 27, 2019
As evident from the tweet, the exploit could be used to jailbreak iPhone models that are using either the A5 or A11 chip, making up a range of phones from the iPhone 4S to iPhone 8 and the widely acclaimed iPhone X.
It is important to note though that it is not a full-fledged solution to implement, it could be termed as a resource that the engineering community could build on to develop working tools.
In another tweet, he also went on to mention how he found the vulnerability stating,
During iOS 12 betas in summer 2018, Apple patched a critical use-after-free vulnerability in iBoot USB code. This vulnerability can only be triggered over USB and requires physical access. It cannot be exploited remotely. I am sure many researchers have seen that patch.
For the time being, Apple needs to take control of the situation, primarily because this hurts their control over the ecosystem they’ve carefully built which in turn translates to lost revenue.
Therefore, it is crucial that the company dedicates more resources towards their security protocols, particularly hardware-based ones as those are the most impactful for them in the long run. We haven’t heard from the company yet, let’s see how this plays out in the larger scheme of things.