Is there a fix for checkm8?

Apple has not only allowed this to continue, but Apple owners find out about "unmatchable" HACK on PC Mag!?

****!

Posted on Sep 27, 2019 6:25 PM

Question marked as Top-ranking reply

Posted on Sep 28, 2019 9:32 PM

Apple didn’t allow anything to continue; the flaw was just discovered.

It does not work on any devices recently released after the X; XS and 11 aren’t affected.

According to security researchers:

  • Checkm8 requires physical access to the phone. It can't be remotely executed, even if combined with other exploits.
  • The exploit allows only tethered jailbreaks, meaning it lacks persistence. The exploit must be run each time an iDevice boots.
  • Checkm8 doesn't bypass the protections offered by the Secure Enclave and Touch ID.
  • All of the above means people will be able to use Checkm8 to install malware only under very limited circumstances. The above also means that Checkm8 is unlikely to make it easier for people who find, steal or confiscate a vulnerable iPhone, but don't have the unlock PIN, to access the data stored on it.

https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer/?utm_source=fark&utm_medium=website&utm_content=link&ICID=ref_fark

Sep 28, 2019 9:28 PM in response to KiltedTim

You’re mistaken; it’s technically not a jailbreak, although it could turn into one. Checkm8 is a hardware vulnerability in the read-only bootrom that was exploited; it compromises millions of iPhones from the iPhone 4s to the iPhone X that cannot be patched by Apple short of recalling phones under warranty.

The newer iPhones after the iPhone X do not have this vulnerability, meaning it was patched via new hardware and Apple knows about the issue, but decided not to publicly acknowledge it.

It’s tethered, meaning in and of itself it isn’t great for a jailbreak because it requires physical access and undoes itself upon reboot, requiring the exploit to be initialized again to the device using USB, but it can allow someone to downgrade the phone to a less secure iOS version, install malware, install a tethered jailbreak, install a modified iOS firmware, install iCloud lock bypasses, and dump the secure rom, which may possibly allow the encryption to be brute-forced on devices like the iPhone 4s & 5c that do not have Secure Enclaves. All of the above have caveats, but that’s what iOS security researchers are working on.

Sep 28, 2019 9:28 PM in response to jabberwocky88

Help me understand why you are concerned about this? YOU would have to do this to your phone yourself. Are you planning to do this? If you aren't planning to do this, it can't happen by itself. And if someone wants to do this and bricks their phone, Apple won't help them at all.


To quote an expert on this subject: The exploit is certainly a big deal for the jailbreak community, apart from that it makes no difference to nearly every iPhone or iPad user outside of that community.


So I'm not sure what it is you're accusing Apple of here or why it's concerning to you?
