A significant new exploit uncovered for iPhone models ranging from 2011’s 4S to the recent iPhone X could breathe new life into the jailbreaking community and raises major security concerns.
Uncovered by security researcher ‘axi0mX,’ the exploit, called ‘checkm8,’ works on iOS devices with Apple’s A-series processors. Affected processors include everything from the A5 through the A11. Along with the iPhone 4S and iPhone X, it also affects the iPhone 8, which is still on sale. It also affects iPad models ranging from the iPad 2 to the 2017 iPad Pro. Some Twitter users suggest the Apple Watch is vulnerable to the exploit as well.
Checkm8 isn’t a jailbreak on its own, but axi0mX claimed on Twitter that it was “possibly the biggest news in the iOS jailbreak community in years.” By releasing it to the public, axi0mX hopes it will benefit both the iOS jailbreak community and the security research community.
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
— axi0mX (@axi0mX) September 27, 2019
For those unfamiliar with jailbreaking, it’s a method of escalating privileges on an Apple device to remove restrictions the company puts in the software. One of the main reasons to do this is to install software through means other than Apple’s App Store or to access more in-depth customization options.
Checkm8 is a bootrom exploit, which means it doesn’t rely on vulnerabilities in a device’s OS or other software. The bootrom is read-only code baked into the chip itself, which makes checkm8 quite powerful because Apple can’t patch it with a software update — the company would have to make physical changes to its A-series chips.
The iPhone 4 in 2010 was the last device to feature a significant bootrom exploit like this.
While good for jailbreakers, checkm8 presents major security concerns as well. The exploit allows potential root access to affected devices, which means bad actors could take control of or wipe a device.
The upside is that checkm8 can’t be used remotely, so anyone trying to gain access to an affected iPhone or iPad would need physical access to it. So, if you don’t leave your devices lying around where they’re easy to access, you shouldn’t have to worry.