Dubbed Checkm8, the exploit leverages unpatchable security weaknesses in Apple's Bootrom (SecureROM), the first significant code that runs on an iPhone while booting. Because the Bootrom is read-only code baked into the chip at manufacture, the flaw cannot be fixed with a software update, and exploiting it gives code execution at the very start of the boot chain, below iOS and every later stage that depends on it.
“EPIC JAILBREAK: Introducing checkm8 (read “checkmate”), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices,” said axi0mX while announcing the public release of the exploit on Twitter.
It should be noted that the Checkm8 exploit itself is not a full jailbreak with Cydia; rather, it is a bootrom exploit that researchers and the jailbreak community can use to develop a fully working jailbreak tool.
The tool released alongside Checkm8 also bundles earlier bootrom exploits for older devices; its listed features include the following:
- Jailbreak and downgrade iPhone 3GS (new bootrom) with alloc8 untethered bootrom exploit.
- Pwned DFU Mode with steaks4uce exploit for S5L8720 devices.
- Pwned DFU Mode with limera1n exploit for S5L8920/S5L8922 devices.
- Pwned DFU Mode with SHAtter exploit for S5L8930 devices.
- Dump SecureROM on S5L8920/S5L8922/S5L8930 devices.
- Dump NOR on S5L8920 devices.
- Flash NOR on S5L8920 devices.
- Encrypt or decrypt hex data on a connected device in pwned DFU Mode using its GID or UID key.
“This is possibly the biggest news in the iOS jailbreak community in years. I am releasing my exploit for free for the benefit of iOS jailbreak and security research community,” says axi0mX, who released the exploit on GitHub.