Unpatchable iOS flaw used to jailbreak older iPhones

(Image credit: StockSnap/Pixabay)

A security researcher has released a new jailbreak which impacts all of Apple's mobile devices released between 2011 and 2017 including iPhone models from the 4S up to the iPhone 8 and even the iPhone X.

However, this jailbreak differs from those released in the past because it utilizes a new unpatchable exploit called Checkm8 that exploits vulnerabilities in Apple's Bootrom (secure boot ROM) to give iOS users full control over their devices.

The Checkm8 vulnerability was published by a security researcher called AxiomX who explained to ZDNet that he had worked on the jailbreak all year. 

AxiomX said on Twitter that Checkm8 is “a permanent unpatchable bootrom exploit” which means this jailbreak is far more extensive and efficient than those previously released for Apple's iPhone.

Bootrom jailbreak

In addition to being quite rare, bootrom jailbreaks are also permanent and can't be fixed with a patch. To fix a Bootrom vulnerability permanently would require a silicon revision and even a company as large as Apple would not want to issue a mass recall for iPhones just to modify device chipsets.

This means that the Checkm8 jailbreak is permanent and will work in perpetuity on the devices that have installed it. The last time a Bootrom-based jailbreak was released was back in 2009 and many believed that Apple had managed to secure its boot-up process and make these types of jailbreaks impossible since that time.

AxiomX's jailbreak is currently available on GitHub as a beta release though technical skills are required to install it as it has the potential to easily brick devices.

While a jailbreak of this kind could be used to install unofficial apps on iPhones, the Checkm8 vulnerability could also be exploited by hackers to root devices but this would require physical access to a device.

Via ZDNet

TOPICS
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Phone & Communications
GlocalMe KeyTracker
When I tested this global tracker, it trounced the Apple AirTag in so many ways
Privacy Hero II
Privacy Hero II VPN Router
ThinkPhone 25 by Motorola
I reviewed the ThinkPhone 25 by Motorola and while it's not as fast as its predecessor, it's the superior phone in so many ways
FRITZ!Box 7690 WiFi 7 Router
FRITZ!Box tries to embrace both business and home customers with its new 7690 router
Ulefone Armor Pad 4 Ultra Thermal
Other than screen reflection, I’m still looking for the downside to the Ulefone Armor Pad 4 Ultra Thermal tablet
Unihertz Tank Pad 8849
Carrying the Unihertz Tank Pad 8849 provided me with a full workout
Latest in News
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments