Apple iPhones are best known for their security reasons and are trusted by millions of people all over the world. However, a recent fix with the iOS 12.4.1 update could give the hackers an easier opportunity to jailbreak an iPhone.
The fix was released earlier this month to patch the bug, but it seems like a new exploit has been spotted on iPhones recently. The exploit is classified as a bootrom vulnerability that can help in jailbreaking an iOS phone. This kind of exploit takes advantage of a security vulnerability in the initial code that iOS devices load when they boot up. Since the entire thing happens in ROM, it can’t be patched through a software update. This reportedly affects all iPhones from iPhone 4s to iPhone X.
This exploit has been named as ‘checkm8’ and was discovered by a security researcher who is named @axi0mX on Twitter. He calls the exploit an “open-source jailbreaking tool for many iOS devices”. He also informs that this entire thing is meant for researchers and it is not a full-fledged jailbreak tool compatible with Cydia. The tool can be used to downgrade to an older version of iOS also. But this will not happen in the near future as the tool is still in beta version.
Via Twitter, @axi0mX said:
“Bootrom exploit for older devices makes iOS better for everyone. Jailbreakers and tweak developers will be able to jailbreak their phones on latest version, and they will not need to stay on older iOS versions waiting for a jailbreak. They will be safer.”
There are also security threats as criminals could use the vulnerability to circumvent Apple’s iCloud account locks, which are used to render stolen or lost devices useless or to install poisoned versions of iOS that steal user information. However, Apple can patch the bootrom for its newer devices but the hundreds and millions of iPhones are already out there and they can’t be patched without replacing hardware.
According to the reports, any device starting with an iPhone 4S (A5 chip) through the iPhone 8 and iPhone X (A11 chip) is vulnerable to this exploit. Although iPhone XS / XR and 11 / 11 Pro devices won’t be affected as Apple already patched the flaw in last year’s A12 processors.
However, the jailbreakers are still ‘tethered’, that means one will still need physical access to an iPhone and a computer to connect both the devices via a USB cable. In a report, axi0mX said that anyone can create a cable or dongle to jailbreak an iPhone without even requiring a computer in the first place.
Apple is still silent regarding this matter. But there is no doubt that this has created a hype among the iOS users and in future, it can affect the company if a solution for this can’t be found.