Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
IOS Iphone Security

New Checkm8 Jailbreak Released For All iOS Devices Running A5 To A11 Chips (zdnet.com) 30

An anonymous reader shares a report: A security researcher has today released a new jailbreak that impacts all iOS devices running on A5 to A11 chipsets -- chips included in all Apple products released between 2011 and 2017. This includes iPhone models from 4S to 8 and X. The jailbreak uses a new exploit named Checkm8 that exploits vulnerabilities in Apple's Bootrom (secure boot ROM) to grant phone owners full control over their device. Axi0mX, the security researcher who published Checkm8 today, told ZDNet he'd worked on the jailbreak all year.
This discussion has been archived. No new comments can be posted.

New Checkm8 Jailbreak Released For All iOS Devices Running A5 To A11 Chips

Comments Filter:
  • Surely these exploits could be sold on grey market for a not-insignificant sum. Are jailbreakers releasing these to the public out of a sense of altruism/principle, or are they useless for more nefarious purposes?
    • by geek ( 5680 ) on Friday September 27, 2019 @09:59AM (#59242682)

      Surely these exploits could be sold on grey market for a not-insignificant sum. Are jailbreakers releasing these to the public out of a sense of altruism/principle, or are they useless for more nefarious purposes?

      Only worth money if it's silent. If this jailbreak is noisey and obvious to the user then it's lost its value for espionage purposes.

      • I don't know.. It's pretty invasive and wide reaching over most of the I-Device fleet now in service. This exploit could be useful for awhile because the only real fix is to replace the hardware, or so the researcher claims.

        So it has limited life, but wide appeal. It's worth something.. Or was, until it was released to the public..

    • by jellomizer ( 103300 ) on Friday September 27, 2019 @10:11AM (#59242726)

      Getting credit for hacking Apples impenetrable wall may be worth a lot more then what he would make for selling it.
      If he sells it, he will make money for a few weeks, until Apple finds a work around to block it.
      If he publishes it, he will get fame within the community, can can probably get a sweet job with some security firm (and even possibly with Apple itself).

      Also Jailbreaking iPhones is so 2010. If people want the features of a Jail Broken phone, they normally will go to an Android Phone (which is just as nice) but more customizable to get the features you wanted in the jailbreak

      • by Uberbah ( 647458 )

        Getting credit for hacking Apples impenetrable wall may be worth a lot more then what he would make for selling it.

        Doubtful as he could easily get six figures from shopping it around to intelligence agencies.

        If people want the features of a Jail Broken phone, they normally will go to an Android Phone (which is just as nice)

        Androids that also require rooting if you want to completely remove crap like Facebook. And until it's more than two years old in which case good luck getting updates from it. Whereas y

        • True for manufacturer support, but with many Android phones, you can unlock the bootloader and put a custom rom.

          I just updated 2 Samsung Galaxy S4 devices to android 9 / pie. That's a 2013 phone model. Just make sure you only buy phones that are listed with that kind of option. Which is why I have a oneplus 3t. And more recently my daughter got a pocophone f1.

        • Re: (Score:2, Insightful)

          by tlhIngan ( 30335 )

          Getting credit for hacking Apples impenetrable wall may be worth a lot more then what he would make for selling it.

          Doubtful as he could easily get six figures from shopping it around to intelligence agencies.

          No, he couldn't.

          It's a boot ROM bug. Which means it's got two things. First, Apple cannot fix it at all. It's broken at the silicon level and cannot be fixed. So that's the good news - everything iPhone X and before is now jailbroken.

          But the other problem is - its lifespan is already up. The iPhone

          • by Uberbah ( 647458 )

            No, he couldn't. It's a boot ROM bug. Which means it's got two things. First, Apple cannot fix it at all.

            So he found an unpatchable flaw that affects hundreds of millions of devices around the world, and an intelligence agency wouldn't pay top dollar for that.....because reasons. Oooookay then.

      • You were doing SO well until âoewhich is just as niceâ ... ^_^ yea, in this day and age jailbreaking is like cooking.. hours of hard work, with the end result lasting only 8 minutes and maybe, MAYBY a thank you in the end.

    • First: It's not a jailbreak. It's a bootrom exploit. A lot of work still has to be done to turn an exploit into a full jailbreak, and usually more than one exploit is needed.

      Second: This exploit was corrected in the bootrom of A12 and newer iDevices, therefore Apple already knows about it. They're not going to pay for something they already know about.

  • allow users to do what they want with th.....af forget it. For it is much easier to stuff an elephant into a thimble than for Apple to quit it's draconian tactics. ...."Friends don't let friends buy Apple"
    • All I want is to move media to my iPhone like how any Android does. Treat it as a flash drive. Fuck iTunes.

      • by jeremyp ( 130771 )

        Use airdrop between apple devices and Dropbox between a windows PC and an Apple devices

        • by Khyber ( 864651 )

          Use *ANOTHER SERVICE* to do what should fucking happen natively between two directly-connected devices?

          See, this kind of retarded thinking and usage pattern is why we have tech companies just raping us as they please.

      • All I want is to move media to my iPhone like how any Android does. Treat it as a flash drive. Fuck iTunes.

        Well, you got your wish to fuck iTunes.

        iOS/iPadOS Content Syncing is now done through the Finder:

        https://www.imore.com/how-sync... [imore.com]

        Keep in mind that this is the first version of the Syncing functionality without iTunes. It will no doubt morph away from its "iTunes-like" format as time goes on, and more and more of the (obviously) ported-from-iTunes stuff gets replaced with a more "Finder-like" interface.

        However, if you have Windows, you're still relegated to using iTunes or a 3rd Party Application for iOS/iP

  • by Camembert ( 2891457 ) on Friday September 27, 2019 @10:25AM (#59242772)
    Wouldn’t it be more ethical to discreetly inform the manufacturer of the exploit details? Releasing it on github is just begging for the exploit to be used.
    • by Anubis IV ( 1279820 ) on Friday September 27, 2019 @11:12AM (#59243036)

      What's Apple supposed to do? The BootROM is read-only memory. It's a fundamentally unpatchable exploit.

      These sorts of exploits have been available before, but the last iOS one was nearly a decade ago, working for the iPhone 4 and earlier devices.

    • They already know. The bootrom exploit was corrected in A12 and newer devices.

    • Comment removed based on user account deletion
      • There is an higher ethical call to release the hardware people paid for from external control and limitation.
        It is important to provide casually apply applicable ways to circumvent external control over the equipment people possess and depend on, so that people can reutilize their possessions as they see fit. Who is her control something is the true owner.
        Cuz ownership is a measure of control despite attempts to socially defined it otherwise.
        If we are paying to purchase something then all control should be placed in the hands of the device purchaser.

        What are you talking about? You ARE free to do any of this. Apple isn't going to sue you, call the cops, or remote-brick your iPhone because you decide to do, well, ANYTHING to it. But Apple doesn't have to make it easy. Don't like it; don't buy it. Simple as that.

        It's called a Free Economy.

        But honestly, think about having a completely unlocked, unsigned, BootROM. Does ANYBODY really want that in a device that can also install and run proprietary, closed-source Apps?!? Nobody sane, that's for sure!

        Think abo

  • A security researcher has today released a new jailbreak that impacts all iOS devices running on A5 to A11 chipsets -- chips included in all Apple products released between 2011 and 2017. This includes iPhone models from 4S to 8 and X.

    I told you guys to stop using cutting-edge technology! Still using an iPhone 4 here!

  • Big jailbreak (Score:5, Interesting)

    by twocows ( 1216842 ) on Friday September 27, 2019 @01:51PM (#59243862)
    This looks to be a fully untethered jailbreak, which is a big deal. Most jailbreaks are currently semi-untethered, meaning if you reboot your device, you need a signed app to launch back into the jailbroken environment. This is annoying because this app needs to be re-signed, either every 7 days if you self-sign or I think once a year if you can somehow get it signed by an enterprise. Having a fully untethered jailbreak means it should survive reboots without any extra requirements. It also looks like a hardware exploit. These can sometimes be patched (Nintendo managed to mitigate a hardware exploit in software with some clever coding), but it's a lot more difficult and many times isn't patched until the next hardware revision. Some of the devices this affects are out of production and out of their update lifecycle, so it likely won't be patched for those devices.

    This includes my iPad mini 2, which I've been wanting an untethered jailbreak on for a while so I can play RetroArch easily. I'm looking forward to this getting developed further; it looks like very early beta right now, but in the next few months it'll probably be turned into a workable jailbreak, probably with Cydia access. That'll be nice to have.
    • Like I said previously in this thread, this is not a jailbreak yet. It's a bootrom exploit. It could be turned into a jailbreak, eventually. But it can't be exploited remotely, it has to be triggered through USB, therefore one has to be in posession of the device. It could be used by law enforcement to bypass a locked device, or used to downgrade an iDevice back to a jailbreakable version of iOS, even unsigned.

      And no, it can't be patched. It is an exploit in the bootROM of the device. Apple would have to re

If a 6600 used paper tape instead of core memory, it would use up tape at about 30 miles/second. -- Grishman, Assembly Language Programming

Working...