The jailbreak world woke up to a bombshell today: security researcher axi0mX has released a powerful new tool that gives access to the chip in iPhones and iPads (specifically the A5 through the A11), so that hackers can exploit it to develop a jailbreak method for devices built on those chips, that is, from the iPhone 4s to the iPhone X; newer models would be "immune".
The tool uses a new exploit called "Checkm8" (checkmate), which takes advantage of a vulnerability in the Bootrom (the device's boot ROM) to gain full control over the device. Rather than a software flaw, then, the problem appears to lie in the hardware of the gadgets themselves, making it virtually impossible to fix.
According to the researcher, the fact that the bug lives in the Bootrom of devices built on Apple's chips makes the tool he developed one of the most comprehensive and effective of its kind.
Reader Anderson Silva (and jailbreak fan) confirmed that even though a jailbreak exploiting this flaw would be 100% tethered, that is, it would have to be re-applied every time the device restarts, it would allow any version of Apple's mobile operating system to be "unlocked", as confirmed by developer GeoSn0w:
Precisely because it is hardware related, a Bootrom jailbreak is one of the most sought after, because it is permanent. Any kind of correction related to this would have to come directly from the suppliers' production chain, which implies modifying the chipsets of the gadgets, something that no company, not even Apple, can fix without performing some sort of recall.
If you are interested in investigating the flaw, you need to follow some recommendations. According to the developer, using the tool he built may brick some devices; in such cases, it is important to always have a backup ready.
Of course, this kind of exploit also has its drawbacks, some of them obvious: in the wrong hands, a tool like this (which grants full control of the device, regardless of the software installed) can serve as an open door for an attacker to collect any kind of information. However, such actions would be harder to carry out, since they cannot be done remotely.
Although rare, this is not the first time a Bootrom flaw has been publicly exploited: the last case occurred in 2010, shortly after the iPhone 4 was released; since then, all jailbreak tools have relied on bugs in iOS itself and were promptly fixed by Apple.