Checkm8 jailbreak: third iOS exploit in less than two months

A recently announced iOS exploit could lead to a permanent jailbreak on hundreds of millions of iPhones. All devices from the iPhone 4S to the iPhone X are impacted.

According to an iOS researcher with the Twitter handle @axi0mX, Checkm8 takes advantage of an unpatchable bootrom bug present in all Apple devices using chips A5 through A11, and gives hackers deep access to iOS devices on a level that Apple would be unable to patch out with software updates. The latest iOS security breach is arguably the biggest so far.

Exploiting the bootrom

Unlike currently available jailbreaks for recent Apple devices, which exploit a software bug in iOS, Checkm8 exploits the bootrom. Bootrom jailbreaks take advantage of a security vulnerability in the initial code that iOS devices load when they boot up. And since it’s ROM (read-only memory), it can’t be overwritten or patched by Apple through a software update. Simply put, it’s here to stay.

It’s the first bootrom-level exploit publicly released for an iOS device since the iPhone 4, which was released almost a decade ago.

Several security concerns have been raised. Malicious players could use the vulnerability to circumvent Apple’s iCloud account locks, or install poisoned versions of iOS that steal user information. And while Apple can patch the bootrom for its newer devices, the hundreds of millions of iPhones already out there can’t be patched without replacing the hardware.

Any device from the iPhone 4S through the iPhone 8 and iPhone X is vulnerable. It appears that Apple patched the flaw in last year’s A12 processors, meaning that iPhone XS/XR and 11/11 Pro devices won’t be affected.

Protect your apps against the most recent threats

This is the third security breach involving iPhones in less than two months. In mid-August, security researchers discovered that Apple mistakenly unpatched a vulnerability it had previously fixed in iOS 12.3. Later that month, researchers at Google found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of undisclosed software flaws.

Exploits like Checkm8 are just another reminder of the indispensability of mobile app security. The built-in security mechanisms of iOS alone are not enough. Only mobile in-app protection, such as Promon SHIELD™, can provide your apps with the necessary protection (e.g. jailbreak detection) against the most recent threats.