Thanks to a new bootrom exploit that affects multiple generations of iOS devices, the iPhone and iPad jailbreaking community may have just gotten a new lease on life.
According to security researcher axi0mX, the new “checkm8" exploit works on iOS devices with Apple A-series processors starting with Apple A5 from 2011 to the Apple A11 from 2017. That means affected phones range from the iPhone 4s to the iPhone 8 (which is still on sale) and even the iPhone X, with iPad models ranging from the iPad 2 all the way up to the 2017 iPad Pro.
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
— axi0mX (@axi0mX) September 27, 2019
The exploit isn’t a full jailbreak on its own, but on Twitter axi0mX claims checkm8 is “possibly the biggest news in iOS jailbreak community in years”, and that releasing it to the public could benefit both the iOS jailbreak and security research communities. The last time a significant iOS bootrom exploit was released to the public was way back in 2010 (limera1n), in the iPhone 4 era.
What makes checkm8 so powerful is that it targets a flaw in the device’s bootrom (the read-only code baked into the A-series chip that runs first at power-on) instead of a vulnerability in iOS or other software that an update can replace. Because that code cannot be rewritten in the field, the exploit can’t be fixed with a simple update or patch; Apple would need to ship a new revision of its A-series chips with corrected bootrom code, and devices already sold stay vulnerable for their whole lifetime.
Unfortunately, this new exploit comes with some associated security concerns. Since checkm8 gives an attacker code execution at the very start of the boot chain, it’s possible that bad actors with a device in hand could use it to load unsigned code, take control of the device, or wipe information from it. Two caveats matter in practice: the exploit is tethered, so a normal reboot returns the device to its usual signed boot chain, and it does not defeat the Secure Enclave or iOS data protection, so data encrypted under the owner’s passcode stays encrypted unless the attacker also learns the passcode.
Thankfully, checkm8 can’t be used remotely; it is triggered over USB with the device placed in DFU (Device Firmware Update) mode, which means anyone trying to hack your phone would need physical access to the device. In other words, keep doing what you’re doing and don’t leave your iPhone or iPad just lying around in the open.
Gizmodo reached out to Apple for an official statement regarding this exploit, but had not heard back at time of writing.