An exploit promises to let millions of iPhones bypass the secure boot ROM. Affected are several generations of iPhones, from the iPhone 4S to the iPhone X, and, as things currently stand, permanently. What is required is direct physical access to the device itself.
The exploit is likely the biggest vulnerability in Apple's iOS operating system since the last boot ROM exploit on the iPhone 4. The consequences are currently unpredictable, especially since the hole cannot be patched by Apple. There would be no way to plug the security hole. Affected are a total of seven generations of Apple SoCs, from the A5 (2011), which was first used in the iPhone 4, to the A11 Bionic (2017) from the iPhone X.
Interesting primarily for jailbreaks
The developer axi0mX has already released, on the basis of the exploit, a program on Twitter and GitHub to jailbreak the affected smartphones. The tool is aimed primarily at the jailbreak community. To exploit the vulnerability, physical access to the iPhone is needed; it must be connected to a PC via USB. But then completely new possibilities open up, along with new security problems.
EPIC JAILBREAK: Introducing checkm8 (read “checkmate”), a permanently unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
– axi0mX (@axi0mX) September 27, 2019
The exploit makes the iPhone fair game
With the help of the boot ROM exploit, all of Apple's security mechanisms can be bypassed and custom IPSWs, i.e. modified firmware images, installed. This means that any new iOS version can be jailbroken for these devices immediately. This is very reminiscent of the bygone era of iOS 4, when the software “redsn0w” allowed similar manipulation of the firmware.
One of the most negative aspects of the newly discovered boot ROM exploit is that theft protection for all affected iPhones is likely to be lost. The “Pwned DFU mode”, which is loaded via the compromised bootloader in combination with a custom firmware, takes no notice at all of the “Find My iPhone” security feature, which makes the iPhone fair game in that case and a worthwhile target for thieves.
Even dual-boot configurations and alternative operating systems such as Android or Linux forks are now at least technically feasible thanks to the exploit. For Apple, the current situation is a serious problem unless a way is found to close the hole.
Currently, the exploit can only be used “tethered”, which means that all changes are undone after a reboot. A working and complete jailbreak is therefore not available at present.
The editorial team thanks community member “Sun_set_1” for the tip about this news and the background information on the exploit.