News

Published on September 27th, 2019

New permanent jailbreak for any iPhone, from 4 to X, now available

The number of jailbreaks for iOS devices has declined markedly in recent years, although they continue to appear; last month, for example, a flaw in an Apple update allowed a jailbreak for the latest iPhone models. Now, an ethical hacking specialist has announced a supposedly functional exploit for permanently jailbreaking any iPhone from the iPhone 4 to the iPhone X.

Through Twitter, the user axi0mX posted "checkm8", their iPhone exploit, noting that with a little more work this exploit could be turned into a jailbreak, so it could be an important revelation.

"This is not a complete jailbreak with Cydia, it's just an exploit," the ethical hacking expert says. "It is possible to use checkm8 to dump SecureROM, decrypt keybags with the AES engine, and degrade a device to enable JTAG, which requires additional hardware and software," mentions the anonymous expert.

Other exploit features also include:

- Jailbreak and downgrade iPhone 3GS
- Pwned DFU Mode with steaks4uce exploit for S5L8720 devices
- Pwned DFU Mode with limera1n exploit for S5L8920/S5L8922 devices
- Pwned DFU Mode with SHAtter exploit for S5L8930 devices
- Dump SecureROM on S5L8920/S5L8922/S5L8930 devices
- Dump NOR on S5L8920 devices
- Flash NOR on S5L8920 devices
- Encrypt or decrypt hex data on a connected device in pwned DFU Mode using its GID or UID key

Furthermore, axi0mX emphasizes that their exploit cannot be used remotely, as it requires a USB connection. Just over a year ago, during the iOS 12 beta testing period, Apple fixed a critical use-after-free vulnerability in the iBoot USB code. According to experts in ethical hacking, the flaw can only be exploited via USB and depends on physical access to the device; "It's not possible to exploit it any other way," the expert says.

Even though the patch that points to the underlying bug is easy to find, the researcher points out that this is a very complex vulnerability to exploit on most devices. "At least two other researchers have found a way to exploit this vulnerability; finding the patch is relatively simple, the hard part is exploiting the flaw," adds the expert.

On the GitHub page where the exploit is published, the expert mentions: "The tool is currently in beta and in certain circumstances could lock a device. It will try to save a copy of the data in NOR in the nor-backups folder before upgrading the new data to NOR, and will not attempt to overwrite the critical data in NOR that your device needs to function. If something goes wrong, hopefully you will be able to restore the latest version of IPSW in iTunes and try to reset all the features on your device, or use nor-backups to restore NOR to the original state, but I can't provide any guarantees," adds the expert.

Due to the complexity of trying to create this permanent jailbreak, ethical hacking specialists from the International Institute of Cyber Security (IICS) do not recommend trying to run this exploit unless you have the necessary knowledge.
