Apple earlier this month released a fix with the iOS 12.4.1 update to patch a bug that could allow hackers to jailbreak an iPhone. It appears that the respite for Apple is not long-lasting. A new exploit in iOS, classified as a bootrom vulnerability, has been spotted. It reportedly makes it possible to permanently jailbreak an iPhone. The vulnerability affects all iPhone models, from iPhone 4s to iPhone X. But the scary part is that the exploit can't be patched via a software update, leaving millions of iPhones across the globe vulnerable to jailbreaking.
The exploit, which has been named “checkm8”, was discovered by a security researcher who goes by the name @axi0mX on Twitter. The researcher also shared what he calls “open-source jailbreaking tool for many iOS devices” on GitHub that is meant for researchers and is not a full-fledged jailbreak tool compatible with Cydia. The tool can be used to downgrade to an older version of iOS, but definitive proof of it being done is yet to arrive, and there are still a lot of loose ends.
The tool is currently in beta and also comes with the risk of bricking the iPhone on which it is tried. The security expert behind the discovery notes that the iPad and iPhone models, starting with the iPhone 4S and up to the iPhone X, ship with the exploit, which means anyone with the right tools and access to the phone can jailbreak it. The biggest worry is that checkm8 is a bootrom exploit, and that means Apple can't patch it by sending a software update. So, the devices mentioned above will continue to remain vulnerable.
In order to perform the jailbreak, one needs physical access to an iPhone and a computer to connect both the devices via a USB cable, as the jailbreak can not be performed remotely. But the person who discovered it mentions that it is possible to create a cable or dongle than can take advantage of the exploit to jailbreak an iPhone without even requiring a computer in the first place. Apple is yet to release a statement regarding the new discovery, but the researcher who discovered it claims checkm8 is “the biggest news in iOS jailbreak community in years.”