A security researcher has released a new jailbreak that affects every iOS device built on Apple's A5 through A11 chips. Those chips shipped in Apple products released between 2011 and 2017, covering eight generations of devices, from the iPhone 4S to the iPhone 8 and X.
The jailbreak relies on a new exploit called Checkm8, which targets a vulnerability in Apple's Bootrom (the read-only secure boot ROM burned into the chip, the first code that runs at power-on) to give the device owner full control over the device.
axi0mX, the security researcher who published Checkm8, said he had worked on the exploit all year.
He described Checkm8 as "a permanent unpatchable bootrom exploit," which makes it one of the most far-reaching rooting tools of its kind.
Most jailbreaks use vulnerabilities in the iOS operating system and its components to give users control over their devices. This one is different.
Bootrom jailbreaks are very rare, and they are permanent: the code lives in mask ROM, so the only way to fix a Bootrom vulnerability is a silicon revision, that is, a physical change to the chip itself. No vendor can do that for devices already in the field without recalls or mass replacements. As a result, this is considered a permanent jailbreak that will keep working on affected hardware.
The last iOS Bootrom-based jailbreak was released nearly a decade ago, so Checkm8 is considered a remarkable achievement; many believed the hardware avenue for rooting devices had long been closed. Since then, all iOS jailbreaks have been purely software-based, exploiting flaws in the operating system or its components.
Apple usually patches iOS within a few weeks of a jailbreak's release, limiting each one to a short list of iOS versions and making jailbreaking progressively harder.
axi0mX's jailbreak is available on GitHub, with the code marked as a "beta" release. Jailbreak exploits are normally packaged into easy-to-use tools; Checkm8, however, is published in raw form and is not recommended for users without the necessary technical skills.
The jailbreak does not work on the two latest chips, the A12 and A13. The researcher said he has not tested it on some older devices, such as the iPhone 4S, but believes it should work on them with some effort.
The flip side of Checkm8 is that the same exploit can be used by threat actors to root a device they get hold of. It does, however, require physical access: the device has to be connected over USB and put into DFU mode, so it cannot be used remotely. It is also tethered rather than persistent, meaning the exploit must be re-run on every boot, and it does not defeat the Secure Enclave, so data protected by the device passcode remains encrypted.
Because the flaw cannot be patched, owners of affected devices should be aware of this issue and consider upgrading to a newer handset with an unaffected chip (A12 or later).