New Bootrom Exploit Could Allow For Unpatchable Jailbreak On Older iOS Devices

Today, security researcher "axi0mX" released what is described as a "permanent unpatchable bootrom vulnerability" that could lead to a permanent jailbreak for the iPhone 4s all the way up to the iPhone X, several iPad models dating back as far as the iPad 2, and the fifth-generation iPod touch and later. The researcher suggests that "this is possibly the biggest news in iOS jailbreak community in years."


The jailbreak tool, called checkm8, still needs some work, has to be performed over USB, and "it's not easy to exploit this vulnerability on most devices." But once it's done, this would be the first publicly released bootrom exploit since the iPhone 4 in 2010, and it would pave the way for a permanent, non-patchable jailbreak on many iOS devices. Such a tool would allow you to downgrade iOS versions without SHSH blobs or APTickets, dual-boot iOS, and run custom firmware.

What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.

Exploit released today supports s5l8947x, s5l8950x, s5l8955x, s5l8960x, t8002, t8004, t8010, t8011, t8015. Others will be added soon. It is not perfectly reliable yet; it uses a race condition and I only tested it on my MacBook Pro.

A bootrom exploit for older devices makes iOS better for everyone. Jailbreakers and tweak developers will be able to jailbreak their phones on latest version, and they will not need to stay on older iOS versions waiting for a jailbreak. They will be safer.

For those who are not familiar with the so-called bootrom exploit: this is a vulnerability in the device's ROM, or read-only memory, rather than in its software, so there is no way for Apple to patch this type of exploit with a software update, leaving the devices with affected chips permanently vulnerable.

Currently, the bootrom exploit is available on GitHub, so if you are interested in taking advantage of the vulnerability to develop a jailbreak, go ahead; there is a warning, though: it may brick your device.

Image Via 9to5Mac
