Hundreds of millions of iPhones. Starting with the iPhone 4S (A5 chip) and ending with the iPhone X (A11 chip). iPhone exposed to a new vulnerability reports The Verge. Discovered by an expert on cybersecurity, known by the nickname axi0mX. He published an open-access exploit called “checkm8″. which allows hackers to access IOS devices. At such a level that even Apple will not be able to influence the situation.
- “In addition, the exploit cannot be fixed by updating on existing devices. Because the exploited code is in read-only memory.
- In hundreds of millions of iPhones. Starting with the 4S model and ending with the top ten, a new vulnerability has been discovered. According to cybersecurity experts. The most dangerous feature of this bug is its inevitability – the only way to get rid of it is to buy a new smartphone.
- According to Avast senior software engineer Wojtech Bocek. Sheckm8 indeed a very serious vulnerability. It uses everything that runs on IOS devices. When they turned on, and this allows you to access all subsequent processes.
- It reported that it will not work to patch the device to fix the vulnerability. Only owners of devices that left after the iPhone X protected from it.
As it turned out, checkm8 has a second bottom – so. This exploit can be used to jailbreak.
Jailbreak is the procedure for hacking the iPhone firmware. Which is legal, but condemned by Apple, as it allows the user to install third-party programs on the device. According to the hacker Luke Todesco. Who is one of the most famous jailbreakers? The new exploit is not yet a full-fledged jailbreak, but it can be brought to mind.
“This vulnerability allows jailbreak, i.e. expand the rights of users of Apple devices. Which is not supported by the manufacturer. For example, the previous jailbreak used to install applications, not from official sources. A new vulnerability could also allow the installation of older versions of the iOS operating system. Such a need arose for many who tried to update their devices and received a “slowed down”. Or almost non-functioning OS, ”explains Arthur Skok. A consultant at the Information Systems Jet Information Security Center,
The only “fix” is to buy a new device, such as iPhone XS / XR or later.
There is good news: this exploit requires physical access to the device. So for most users, this vulnerability is not dangerous, ”Bock said in an interview with Media
Moreover, the expert emphasized that criminals and government agencies. Received a new tool at their disposal. By default, data encrypted on the iPhone if the user uses some form of screen locks, such as a PIN code or fingerprint. On older devices that do not have Secure Enclave (those devices that came before iPhone 5c inclusive). this exploit can allow an attacker to create a tool to crack a password. Using the “brute force” method without limiting the number of input attempts.
“Using this vulnerability will allow attackers to break into devices much faster and easier than before. On newer devices, this prevented by using Secure Enclave. Which counts attempts to decrypt data and does not allow enumeration. In general, this exploit is useful for people. Who wants to have a deeper access to their iOS devices. But can lead to new, more serious vulnerabilities, ”the source said.
However, it is worth considering that after using the jailbreak it will be problematic and. Rather, even impossible to return to the original OS.
Also, the extension of rights requires the user to be literate in the field of information security. Since in this case the probability of accidental installation of malware increases.
“Globally, the main problem that the new vulnerability leads to is that attackers can use it to unlock stolen Apple devices”, the expert said.