Checkm8 – A Permanent iOS Jailbreak That Exploits An Unpatchable Flaw


Recently, Apple fixed a vulnerability with the release of iOS 12.4.1 that had allowed users to jailbreak their iPhones. The bug in iOS 12.4 needed urgent attention because the same flaw could also be exploited by an adversary to plant spyware. Apple closed that hole, but a researcher has now released a far more robust iOS jailbreak exploit, named Checkm8.

Checkm8 iOS Jailbreak Seems Permanent

A security researcher known as Axi0mX on Twitter has devised a robust iOS jailbreak exploit that he dubs ‘Checkm8’. According to the researcher, Checkm8 works on a wide range of iPhones, from the iPhone 4S through the iPhone X.

Sharing details in a tweet, the researcher revealed that Checkm8 exploits a serious Bootrom vulnerability. The flaw affects most iPhones and iPads from the iPhone 4S to the iPhone X (A5 to A11 chips).

Explaining further in his tweet, Axi0mX described the exploit as ‘permanently unpatchable’. The Bootrom is the first code the SoC executes and is stored in read-only memory on the chip itself, so neither an iOS update nor a firmware update can change it; the only way to remove the flaw from an affected device is to replace the hardware, which in practice would mean a mass recall of vulnerable devices. ‘Permanent’ here refers to the bug, not to its effect on a device: the exploit must be delivered over USB with the device in DFU mode and has to be run again after every reboot.

The researcher's published notes also include the following description of a Bootrom heap bug. Note that the S5L8920 named in it is the iPhone 3GS SoC, which predates the A5 to A11 chips Checkm8 targets, so this passage describes an earlier flaw in the Bootrom's malloc rather than the Checkm8 bug itself, which lies in the Bootrom's USB code. As explained,

In S5L8920 bootrom (and some very old versions of iBoot) function malloc is not implemented correctly. When it is unable to allocate memory, instead of NULL it returns a pointer to memory address 0x8. Callers check if returned pointer is NULL and then treat that pointer as valid.
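As an added illustration (not code from Axi0mX, and not the real bootrom), the following C program reproduces the failure mode the quote describes: a toy bump allocator that returns the non-NULL address 0x8 when it runs out of memory, a caller that checks only for NULL and would therefore go on to use that bogus pointer, and two fixes, an allocator that returns NULL on failure and a caller that accepts only pointers that lie inside the heap. All names here (toy_heap, buggy_malloc, fixed_malloc, the *_caller_accepts helpers) are assumed for this example; the bootrom's actual heap layout is not modelled, and the bogus pointer is never dereferenced.

```c
/*
 * Added example, not axi0mX's code or Apple's bootrom: a toy bump
 * allocator reproducing a malloc that returns 0x8 instead of NULL on
 * exhaustion, beside the corrected allocator and a hardened caller.
 * toy_heap, HEAP_SIZE and the function names are assumptions for the
 * illustration only.
 */
#include <stddef.h>
#include <stdint.h>

#define HEAP_SIZE 64
#define BAD_SENTINEL ((void *)0x8)   /* the bogus "failure" pointer from the quote */

static uint8_t toy_heap[HEAP_SIZE];
static size_t heap_used;

void heap_reset(void) { heap_used = 0; }

/* Buggy allocator: on out-of-memory it returns 0x8, not NULL. */
void *buggy_malloc(size_t n) {
    if (n == 0 || n > HEAP_SIZE - heap_used) {
        return BAD_SENTINEL;
    }
    void *p = &toy_heap[heap_used];
    heap_used += n;
    return p;
}

/* Correct allocator: NULL on failure, so a NULL check in the caller works. */
void *fixed_malloc(size_t n) {
    if (n == 0 || n > HEAP_SIZE - heap_used) {
        return NULL;
    }
    void *p = &toy_heap[heap_used];
    heap_used += n;
    return p;
}

/* Caller pattern from the quote: anything non-NULL is treated as valid.
 * Returns 1 if the caller would go on to use the pointer. */
int naive_caller_accepts(void *p) {
    return p != NULL;
}

/* Hardened caller: accept a pointer only if it lies inside the heap arena,
 * which rejects both NULL and a near-NULL sentinel such as 0x8. */
int hardened_caller_accepts(void *p) {
    uintptr_t lo = (uintptr_t)toy_heap;
    uintptr_t hi = lo + HEAP_SIZE;
    uintptr_t a = (uintptr_t)p;
    return p != NULL && a >= lo && a < hi;
}

/* Exhaust the heap with the given allocator, request more, and report
 * whether the given caller would use the pointer returned for the failed
 * request: 1 = would use a bogus pointer, 0 = correctly rejects it,
 * -1 = the first (legitimate) allocation unexpectedly failed. */
int would_use_bogus_pointer(void *(*alloc)(size_t), int (*accepts)(void *)) {
    heap_reset();
    void *first = alloc(HEAP_SIZE);   /* consumes the whole arena */
    if (!accepts(first)) return -1;
    void *second = alloc(16);         /* must fail: nothing left */
    return accepts(second);
}
```

Only the combination of the buggy allocator and the NULL-only check lets a failed allocation through; either fix on its own stops it, and the range check is the one a caller can apply even when it cannot change the allocator.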

More details about the exploit are available in his write-up.

Publicly Available On GitHub

The researcher has made Checkm8 publicly available on GitHub to support the research community. He believes that being able to jailbreak current devices will make it easier for researchers to jailbreak their own hardware and hunt for bugs, instead of staying on older iOS versions merely to keep a jailbreak. It should also help those working on bug bounties.

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest in science and technology. She is eager to know everything about the latest tech developments, and learning and writing about cybersecurity, hacking, and spying has always fascinated her. When she is not writing, what better pastime is there than browsing the web and staying up to date on the tech world?
