Advertisement

‘Unpatchable’ iOS exploit sends jailbreak enthusiasts into a frenzy

'checkm8' takes advantage of a flaw that can't be patched by Apple.
iphone jailbreak
Photo by Paul Hudson/Flickr (CC BY 2.0)

A researcher released an “unpatchable” iOS exploit Friday that could make any iPhone from model 4S to 11 susceptible to a permanent jailbreak.

First pushed to Twitter by a researcher known as @axi0mX , the exploit works on devices with Apple chipsets from A5 to A11, which have powered iPhones and iPads since 2011. Apple’s newer chip models — A12 and A13 — are not affected.

The exploit, known as “checkm8,” takes advantages of flaws in Apple’s secure boot ROM (bootrom) and allows users to remove restrictions imposed on the devices by Apple or various telecom carriers.

Advertisement

On a normal device, users are confined to using Apple’s App Stores and company-approved software. Jailbroken phones give users a little bit more control while sacrificing the safeguards the company programs into devices by default.

Once used on a device, checkm8 then allows for users to downgrade their devices to previous iOS versions, run a device with a second operating system (dual booting), or run a custom-made firmware.

“If you’re an iOS security researcher, this will likely be the most exciting thing you’ll hear all year—possibly even for your entire career to-date,” writes Thomas Reed, a MalwareBytes security researcher.

A public bootrom exploit is extremely rare, and cannot be fixed with a software patch. The last one publicly released, “limera1n,” was issued by noted device jailbreaker George “geohot” Hotz.

There are some caveats to the exploit: access to the device is needed, along with a certain level of technical skill. The researcher responsible for checkm8 told ZDNet that he was having trouble getting it to work on older devices.

Advertisement

Apple did not respond to a request for comment.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts