
Checkm8, the first exploit to skip Apple's iCloud

Shocking news, almost impossible to believe, but it is true.

Last Friday, a security researcher nicknamed axi0mX published the news on Twitter: he had discovered a new exploit for iOS, which he named checkm8, that allows jailbreaking every iPhone from the 4S to the iPhone X.

Only newer models with the Apple A12 or Apple A13 chip are safe from this vulnerability.

The exploit is special because it acts on the bootrom, a read-only memory, which makes it impossible for Apple to do anything to correct the problem in the affected models.

No patch is possible for checkm8, whose code has already been published on GitHub. We explain how it works and what impact it has on iOS devices.

An uncontrollable exploit

The vulnerabilities that have appeared in iOS in recent years have occasionally made it possible to jailbreak some iPhone models running specific versions of Apple's mobile operating system.

Normally, shortly after the problem was discovered, Apple released an iOS update to patch the system, but that is not possible for the problem posed by checkm8.

The reason lies in how this exploit works: it "attacks" the bootrom of iOS, the boot memory of the operating system, which is read-only and is "burned" into the iPhone's hardware.

A firmware update cannot act on it, which makes this exploit a "perpetual" problem for Apple, which cannot prevent users from taking advantage of it to jailbreak their devices.

You have to distinguish the exploit itself, checkm8, from the jailbreak, which at the moment has not been published, if anyone has developed one at all.

This vulnerability not only allows a jailbreak (to, for example, install third-party software not controlled by Apple or its App Store), but also compromises the security of the device.

Which devices are affected

In reality, iPhones are not the only devices affected by the problem: as Malwarebytes experts point out, other Apple products running iOS or iOS-derived operating systems are also at risk.

The list of affected products, all of which lack the Apple A12 or A13 chips that are safe from the problem:

  • All iPhones from the 4S to the iPhone X
  • All iPads from the second to the seventh generation
  • iPad mini 2 and iPad mini 3
  • The first and second generation iPad Air
  • The iPad Pro 10.5-inch and the 12.9-inch 2nd generation
  • The Apple Watch Series 1, Series 2 and Series 3
  • The 3rd generation Apple TV and the 4K model
  • The fifth, sixth and seventh generation iPod touch

We need physical access

Some jailbreaks had the peculiarity of being possible remotely, which was known as 'untethered', but checkm8 does not work that way: it is necessary to have the physical device and connect it to a computer, after which it must also be put into DFU (Device Firmware Upgrade) mode to take advantage of the exploit.

The developer of this exploit also explained that this vulnerability is not enough by itself to install malware persistently on the device, although ways of gaining that level of access could be discovered in the future.

That means, among other things, that the exploit must be executed every time the attacked device restarts.

On a restart, the memory on which the exploit operates is cleared, so it must be applied again (with the aforementioned physical access, connecting the device to a computer and activating DFU mode) in order to regain the privileges the exploit grants.
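Because checkm8 needs the device to be attached over USB in DFU mode, and must be re-run after every reboot, the one observable a defender gets is that USB attachment itself. The following script is an added example, not code from the article or from axi0mX, that scans Linux kernel USB enumeration messages for an Apple device reporting the DFU-mode product ID. The log lines are constructed for the example, and the USB IDs (Apple vendor 05ac; product 12a8 normal mode, 1281 recovery mode, 1227 DFU mode) are assumed here rather than taken from the article.

```python
import re
from dataclasses import dataclass

# Constructed sample of Linux kernel USB enumeration messages (not from the article):
# a phone attached in normal mode, disconnected, re-attached in DFU mode, then an
# unrelated USB receiver on another port.
SAMPLE_LOG = """\
Sep 30 09:12:01 host kernel: usb 1-2: New USB device found, idVendor=05ac, idProduct=12a8, bcdDevice= 1.00
Sep 30 09:12:01 host kernel: usb 1-2: Product: iPhone
Sep 30 09:14:40 host kernel: usb 1-2: USB disconnect, device number 5
Sep 30 09:14:52 host kernel: usb 1-2: New USB device found, idVendor=05ac, idProduct=1227, bcdDevice= 0.00
Sep 30 09:14:52 host kernel: usb 1-2: Product: Apple Mobile Device (DFU Mode)
Sep 30 09:20:13 host kernel: usb 3-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.10
"""

# Assumed USB identifiers: Apple's vendor ID and the product IDs an iPhone reports
# in normal, recovery and DFU mode. DFU mode is the state checkm8 requires.
APPLE_VID = 0x05AC
MODE_BY_PID = {0x12A8: "normal", 0x1281: "recovery", 0x1227: "dfu"}

# Only "New USB device found" lines carry the vendor/product pair we care about.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) kernel: usb (?P<port>[\d.-]+): "
    r"New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)


@dataclass
class UsbEvent:
    timestamp: str
    host: str
    port: str
    vid: int
    pid: int
    mode: str  # "normal", "recovery", "dfu", or "other" for non-Apple/unknown devices


def parse_events(log: str) -> list[UsbEvent]:
    """Extract USB attach events from kernel log text; non-matching lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        vid, pid = int(m["vid"], 16), int(m["pid"], 16)
        mode = MODE_BY_PID.get(pid, "other") if vid == APPLE_VID else "other"
        events.append(UsbEvent(m["ts"], m["host"], m["port"], vid, pid, mode))
    return events


def dfu_alerts(log: str) -> list[str]:
    """Return one alert string per Apple device that enumerated in DFU mode."""
    return [
        f"{e.timestamp} {e.host} usb {e.port}: Apple device attached in DFU mode "
        f"(idProduct={e.pid:04x}); bootrom-level tooling such as checkm8 is now possible"
        for e in parse_events(log)
        if e.mode == "dfu"
    ]


if __name__ == "__main__":
    for alert in dfu_alerts(SAMPLE_LOG):
        print(alert)
```

On a managed host the same check can be fed from `journalctl -k` or `/var/log/kern.log`; the normal-mode attachment just before the DFU attachment is the pattern the article describes, a device deliberately rebooted into DFU while cabled to a computer, and it recurs on every re-exploitation because the exploit does not survive a restart.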