Permanent Bootrom Exploit for iOS Devices with A5-A11 Processors
- [Release] Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
This basically means that any iPhone from the 4S to the X is able to be jailbroken without Apple being able to do much to stop them since the bootrom is...well, read only. Since Apple is selling the iPhone 8/8 Plus still, this is a pretty big deal. They'd have to do a hardware revision to fix it.
The downside is that these devices are now vulnerable to all sorts of malicious attacks. An attacker would still need physical access to the device, but it's still not good.
Note: I've linked to the /r/jailbreak thread about it because the Tweet that the thread links to lacks any sort of context and the thread provides some good context for what this means for iOS devices going forward. If anyone thinks the Tweet is the more appropriate link, feel free to change it.
I'm supposed to be getting an iPhone SE later today, so this is perfect; I'm planning on jailbreaking it if it's possible to do so. I'd actually gladly trade a physical access vulnerability, at which point I assume the device is compromised anyway, for the customizability and flexibility jailbreaking offers.
A good assumption to make.
One thing to note is that it is a tethered exploit. So if you reboot, you’ll need your computer around.
Yeah, that's definitely the biggest downside, but given how rarely I usually reboot my phone, I think I'd still make it. I'll probably first try exploiting iOS 12 if it has it though, since that one doesn't need to be tethered. I'm hoping eventually someone will make a little device that injects the exploit on the go without needing a computer, that would make this absolutely perfect!
Did you get your SE and was it on 12.4?
I did! And it’s on 12.3.1 actually. Been absolute ages since I’ve looked into anything jailbreaking or even owned an Apple product, so I don’t know if that’s a good version to be on or not... But I have no intentions of updating until I know more, so I won’t accidentally wipe it out.
12.3-12.3.2 unfortunately don't have jailbreaks actually. 12.0-12.2 and 12.4.0 do though. If you have the option of updating to 13.0 you should consider it, as usually major versions are jailbroken within a few months of their release. On the other hand, maybe 12.3.1 will get a jailbreak but 13.0 won't. Who knows.
Either way, this is just with current jailbreaks (chimera or unc0ver), and obviously the news in the OP would change that. The jailbreak from that would be tethered though, which would be more of a hassle than the current semi-untethered jailbreaks.
Interesting, thank you very much. Yeah, I'd definitely prefer the untethered if possible; guess I'll give it a few months and see about jailbreaking then. I'll definitely consider updating then, especially since it's unlikely anyone will do it for 12.3 now and there's always unc0ver.
It's a shame it came with that specific version -- but like hhh said, go up to 13. Might as well start collecting blobs with https://tsssaver.1conan.com/ or use the telegram bot https://telegram.me/rjailbreakbot just in case.
If this whole bootrom thing hits us normal folk, it'll be a game changer -- and ultimately better for everybody involved.
I've had an SE for a few years. It's the best form factor. Welcome to the club!
Yeah, I chose it specifically for the form factor. Not a fan of iOS and definitely not of Apple as a company, but no one else makes small phones anymore, and this is a mighty fine product after using it for a day. Totally worth it!
And thanks, I’ll be sure to do that then. Would it be wise to stay on 13.1.1, as opposed to upgrading to any future minor releases?
I'd go up to 13.0 for now - but get all of your blobs just in case. I've only switched versions with blobs once, but it worked well.
Some more info about this exploit and its connotations in this post on Trail of Bits: Tethered jailbreaks are back
Link to the files: https://github.com/axi0mX/ipwndfu
Somewhat unrelated, but if Microsoft has acquired GitHub, what are the legal implications of hosting code which allows one to potentially break the TOS of an Apple device?