Whether people still jailbreak iPhones and iPads or not, security researchers will keep hunting for vulnerabilities in hardware or software that could be used to develop such tools. The market is highly lucrative for some companies, as there are plenty of parties interested in being able to hack the iPhone, to either install software that’s not available from the App Store or for more nefarious activities, like getting access to someone’s devices.
Apple, which has fought against jailbreaking for years, has a bounty program in place that should help it stay on top of many of these vulnerabilities. But researchers can always just go public with their findings.
Twitter user axi0mX did exactly that on Friday, sharing an “epic jailbreak” called checkm8 that works on all iOS devices from iPhone 4s to iPhone X, in addition to all of the iPad models that were released in that time.
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
— ax🔥🌸mX (@axi0mX) September 27, 2019
According to the hacker, hundreds of millions of iOS devices might be affected, and Apple shouldn’t be able to patch the exploit, which is described as a “permanent bootrom exploit for hundreds of millions of iOS devices.”
In an extended thread, the hacker explained that he’s not actually releasing a jailbreak that could be used immediately, but he’s making his findings public, which could lead to the creation of a jailbreak app that would work on all of the iOS devices mentioned above. Here are his tweets saying as much:
2/ What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.
— ax🔥🌸mX (@axi0mX) September 27, 2019
5/ During iOS 12 betas in summer 2018, Apple patched a critical use-after-free vulnerability in iBoot USB code. This vulnerability can only be triggered over USB and requires physical access. It cannot be exploited remotely. I am sure many researchers have seen that patch.
— ax🔥🌸mX (@axi0mX) September 27, 2019
According to the hacker, the vulnerability can not be targeted without physical access to the device, and you need to trigger it via USB. That means hundreds of millions of iOS devices, including iPhones and iPads released only two years ago, aren’t at risk of being hacked remotely with the help of the newly discovered security hole.