Millions of iOS devices struck by ‘unfixable’ iPhone flaw

Written by Hamza Zakir ·  1 min read >

A flaw affecting the vast majority of your devices is pretty unbearable, but it takes on a whole new level of terror when it becomes virtually impossible to fix it. This is the situation that Apple currently finds itself in, as a new and seriously frustrating iPhone exploit has been discovered by a security researcher.

Appropriately called “checkm8”, this exploit is capable of allowing hackers (or any individual, for that matter) to permanently jailbreak devices. This is essentially the process whereby all software restrictions imposed by Apple on iOS are removed. Affecting every single iOS device that has ever been released between 2011 and 2017, checkm8 poses a serious problem for the iPhone manufacturer.

The exploit is ingenious in the sense that it takes advantage of a security vulnerability in the initial code that runs before an iOS device powers up. And here’s the kicker: since that particular vulnerability is found in the device’s ROM, it can’t be fixed by a regular update. Therefore, Apple finds itself in a very tricky spot.

The exploit was first discovered by security researcher AxiOmX when he reverse-engineered a patch released by Apple over the summer of 2018 for the beta version of iOS 12. According to him, the exploit isn’t all that bad since the resulting jailbreak would allow users to run software that was previously impossible to hack because of company restrictions. Furthermore, it would enable researchers like him to conduct deep analysis of the security of those devices.

However, it is worth considering the flip side of this argument as well. For one, it would be easier for individuals to install malware or stalkerware on the device. It would also enable state-sponsored hackers to conduct deeper surveillance in the lives of individuals thereby further deteriorating privacy.
Apple has yet to comment on checkm8 and its implications.

Written by Hamza Zakir
Platonist. Humanist. Unusually edgy sometimes. Profile