A permanent jailbreak has been released that Apple can’t do anything against; Exploit affects millions of devices
Back in August, security researcher pwn20wnd released an iOS 12 jailbreak that can be used by any device outfitted with A7 to A11 chip. Last week, the same researcher managed to include devices that have A12 and A12X processors.
Both exploits are considered one of the major breakthroughs in the jailbreaking community for years, but that now has been eclipsed by another massive vulnerability. And this isn’t something that Apple can patch up either. In fact, the tech giant can’t do anything about it at all.
Called checkm8, the exploit’s foundation has been built on Apple’s bootrom, with ROM standing for Read-Only Memory. What this means is that the jailbreak method is unpatchable since – as the exploit suggests – it’s Read-Only, Apple can’t modify it unless the company gets a hold of the affected device, which will span millions.
Jailbreaking a device is now permanent
“EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip),” said security researcher axi0mX.
While this isn’t the first time that a bootrom exploit has been found, it is the first to cover millions upon millions of devices. The implications are staggering since there are a host of other things that can be done with this vulnerability, including a permanent jailbreak, custom firmware, dual-booting, and more.
Checkm8 going beyond jailbreaking
And on the darker side of things, the vulnerability also opens up millions of Apple users to attacks from malicious parties. Sure, they’ll need to get a hold of the device first. But what if an abusive spouse or a former lover managed to take advantage of checkm8? Jailbreaking is one thing, but stalkerware and other dangerous circumstances can potentially stem from this issue, WIRED reported.
Even axi0mX acknowledges how precarious the situation can become, citing border crossing or devices left unattended as one of the few examples that can quickly spiral out of control. But there are certain limitations to this. Bad actors can’t decrypt data on the device like emails or private messages since Apple’s Secure Enclave isn’t affected, says security engineer Kenn White. For the rest of the jailbreaking community, however, checkm8 opens up a lot of possibilities, a prospect that’s deeply exciting for anyone who has a passion for this particular technology.