A researcher released an “unpatchable” iOS exploit Friday that could make any iPhone from model 4S to 11 susceptible to a permanent jailbreak.
First pushed to Twitter by a researcher known as @axi0mX , the exploit works on devices with Apple chipsets from A5 to A11, which have powered iPhones and iPads since 2011. Apple’s newer chip models — A12 and A13 — are not affected.
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
— axi0mX (@axi0mX) September 27, 2019
The exploit, known as “checkm8,” takes advantages of flaws in Apple’s secure boot ROM (bootrom) and allows users to remove restrictions imposed on the devices by Apple or various telecom carriers.
On a normal device, users are confined to using Apple’s App Stores and company-approved software. Jailbroken phones give users a little bit more control while sacrificing the safeguards the company programs into devices by default.
Once used on a device, checkm8 then allows for users to downgrade their devices to previous iOS versions, run a device with a second operating system (dual booting), or run a custom-made firmware.
“If you’re an iOS security researcher, this will likely be the most exciting thing you’ll hear all year—possibly even for your entire career to-date,” writes Thomas Reed, a MalwareBytes security researcher.
A public bootrom exploit is extremely rare, and cannot be fixed with a software patch. The last one publicly released, “limera1n,” was issued by noted device jailbreaker George “geohot” Hotz.
There are some caveats to the exploit: access to the device is needed, along with a certain level of technical skill. The researcher responsible for checkm8 told ZDNet that he was having trouble getting it to work on older devices.
Apple did not respond to a request for comment.