Checkm8 Exploit Opens Door to Unpatchable Jailbreak on iPhone 4S Through iPhone X

A security researcher who goes by "axi0mX" on Twitter today released "checkm8," which he claims is a bootrom exploit for iOS devices equipped with A5 through A11 chips, including the iPhone 4S through iPhone X, several iPad models dating back to the iPad 2, and the fifth-generation iPod touch and later.


This would be the first publicly released bootrom exploit since the iPhone 4 in 2010 and would pave the way for a permanent, non-patchable jailbreak on hundreds of millions of affected iOS devices. Because the bootrom is read-only code burned into the chip at the factory, Apple cannot patch this type of exploit with a software update; only devices built on newer silicon are unaffected.


According to jailbreak enthusiasts, a bootrom exploit opens up many other possibilities on affected devices, including downgrading iOS versions without SHSH blobs or APTickets (the Apple-signed tickets that normally restrict restores to currently signed firmware), dual booting iOS, and running custom firmwares.

This is significant news in the jailbreaking community, as the last bootrom exploit known as "limera1n" was released by George "geohot" Hotz nearly a decade ago for devices with A4 chips and earlier, including the iPhone 4, iPhone 3GS, the third- and fourth-generation iPod touch, and the original iPad.


This article, "Checkm8 Exploit Opens Door to Unpatchable Jailbreak on iPhone 4S Through iPhone X" first appeared on MacRumors.com


Apple Accidentally Unpatches Vulnerability, Leading to New iOS 12.4 Jailbreak

Apple in iOS 12.4 mistakenly unpatched a vulnerability that was fixed in the iOS 12.3 update, leading to a new jailbreak available for iOS 12.4 devices, reports Motherboard.

Hackers discovered the vulnerability over the weekend and Pwn20wnd created a publicly available, free jailbreak that works on devices running the latest version of iOS or any version of iOS below iOS 12.3.


Most jailbreak code is kept private to keep Apple from patching it, so this is the first time that a public jailbreak has been available in a while. It was apparently discovered when a user tested an older jailbreak on iOS 12.4 and found the patch had been reverted.

Security researcher Jonathan Levin told Motherboard that the accidental vulnerability also once again makes iPhone users vulnerable to a "100+ day exploit," referring to how long the bug has been around.

Ned Williamson from Google Project Zero said that the bug could be exploited to install spyware on a target iPhone.
The researcher told Motherboard that "somebody could make a perfect spyware" taking advantage of Apple's mistake. For example, he said, a malicious app could include an exploit for this bug that allows it to escape the usual iOS sandbox--a mechanism that prevents apps from reaching data of other apps or the system--and steal user data.

Another scenario is a hacker including the exploit in a malicious webpage, and pairing it with a browser exploit, according to the researcher.
A third security researcher, Stefan Esser said that people should be careful what apps they download from the App Store right now. "Any such app could have a copy of the jailbreak in it," he wrote on Twitter.

Multiple users have confirmed that the jailbreak works and that their devices have been jailbroken using the new software. Apple has not commented on how or why the vulnerability was unpatched, but the company will likely have a fix available soon.


This article, "Apple Accidentally Unpatches Vulnerability, Leading to New iOS 12.4 Jailbreak" first appeared on MacRumors.com


Two Major Cydia Hosts Shut Down as Jailbreaking Fades in Popularity

ModMy today announced it has archived its default ModMyi repository on Cydia, which is essentially an alternative App Store for downloading apps, themes, tweaks, and other files on jailbroken iPhone, iPad, and iPod touch devices.

A jailbroken iPhone running iOS 6 via New Atlas

ZodTTD/MacCiti also shut down last week, meaning that two out of three of Cydia's major default repositories are no longer active as of this month. ModMy recommends developers in the jailbreaking community use the BigBoss repository, which is one of the last major Cydia sources that remains functional.

The closure of two major Cydia repositories is arguably the result of a declining interest in jailbreaking, which provides root filesystem access and allows users to modify iOS and install unapproved apps on an iPhone, iPad, or iPod touch.

When the iPhone and iPod touch were first released in 2007, jailbreaking quickly grew in popularity for both fun and practical reasons. Before the App Store, for example, it allowed users to install apps and games. Jailbreaking was even useful for something as simple as setting a wallpaper, not possible on early iOS versions.

Even in later years, jailbreaking remained popular for a number of widely used tweaks that Apple eventually implemented in iOS itself, such as system toggles, lock screen widgets, quick reply for text messages, screen recording, multitasking, picture-in-picture mode on iPad, and keyboard trackpad mode.

With many of those features now available out of the box, the allure of jailbreaking is considerably less for many people.

"What do you get in the end?" asked Cydia creator Jay Freeman, in an interview with Motherboard. "It used to be that you got killer features that almost were the reason you owned the phone. And now you get a small minor modification."

One downside to jailbreaking is that it has always been a violation of Apple's End User License Agreement that every iOS user agrees to. While not illegal in the United States, due to an exemption under the Digital Millennium Copyright Act, jailbreaking also technically voids your device's warranty coverage.

In a statement provided to Cult of Mac back in 2010, Apple said jailbreaking can "severely degrade the experience" of an iPhone.
Apple's goal has always been to insure that our customers have a great experience with their iPhone and we know that jailbreaking can severely degrade the experience. As we've said before, the vast majority of customers do not jailbreak their iPhones as this can violate the warranty and can cause the iPhone to become unstable and not work reliably.
Apple's cat-and-mouse game with jailbreaking has been ongoing for over a decade, and it may be finally winning the battle given advancements in iOS security and decreasing interest in jailbreaking.

iOS 11 is the first major version of Apple's mobile operating system that has not been publicly jailbroken. A few developers have claimed to exploit iOS 11 at various security conferences, but no Mac or PC tool like Pangu has been released for the public to download and jailbreak their own devices with.

The lack of a public jailbreak for the latest iOS version after several months has fueled a so-called "death spiral" for jailbreaking.

"When you get fewer people bothering to jailbreak, you get fewer developers targeting interesting things, which means there's less reasons for people to jailbreak," said Freeman. "Which means there's fewer people jailbreaking, which causes there to be less developers bothering to target it. And then you slowly die."

iOS users still interested in jailbreaking can visit our Jailbreaks and iOS Hacks forum section and /r/jailbreak on Reddit.

