A new technique to jailbreak iPhone 8 and iPhone X is discovered, correction by patch is impossible


William Hook

Axi0mX , a researcher on security, discovered a new iPhone jailbreak technique named ' Checkm8 ' and released a procedure on GitHub without the necessary code. Checkm8 can jailbreak a wide variety of devices ranging from iPhone 4s to iPhone X.

ipwndfu / checkm8.py at master · axi0mX / ipwndfu · GitHub

Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer | Ars Technica

Jailbreaking devices such as iPhones allows developers to bypass restrictions imposed on device OSs, download apps from platforms other than legitimate app stores, and customize devices freely I can do it. It also allows malicious hackers to jailbreak certain devices and install malware, or to operate devices seized by investigators.

Checkm8, discovered by axi0mX, differs from many jailbreaking methods in that it exploits a boot ROM vulnerability that contains code that is executed first when an Apple product is launched. Checkm8 does not work on iPhone XS or iPhone 11 with A12 or later processor installed, but it affects the processors from A5 to A11, so it is effective and available for a wide range of devices from iPhone 4s to iPhone X. Are expected to have more than hundreds of millions worldwide.

Actually, axi0mX is jailbreaking iPhone X using Checkm8, and a movie of the situation is released on Twitter.

Because the boot ROM is in read-only memory in the processor, Apple cannot distribute the new patch and update the vulnerability. Therefore, even devices with the latest version of iOS can be jailbroken, and Checkm8 can be said to be a semi-permanently effective jailbreaking method.



According to axi0mX, Checkm8 requires physical access to the target device and cannot be executed remotely even when combined with other vulnerabilities. Also, rebooting will return the device to a non-jailbroken state, so if you want to permanently put the device into a jailbroken state, you must have physical access each time you reboot the device .

As for the possibility that Checkm8 can be abused by a malicious person, axi0mX thinks that 'the possibility of being exploited is not so high'. Apple has a security processor called Secure Enclave that stores passcode and fingerprint data on iPhone 6 and later devices. Since Checkm8 does not affect Secure Enclave, if a third party wants to see the data in the device, it can not steal the data without breaking the password and biometric authentication.

Axi0mX points out that a malicious person could get a third-party smartphone and use Checkm8 to install malicious malware, but these attackers do not like physical access. Axi0mX believes that there is no other way to attack the target remotely, so the risk of an attack using Checkm8 is not very high.

by stevepb

in Mobile,   Software,   Hardware,   Security, Posted by log1h_ik