Got a pre-A12 iPhone? Love jailbreaks? Happy Friday! ‘Unpatchable tethered Boot ROM exploit’ released

September 27, 2019 TH Author

A programmer claims to have found a way to execute arbitrary code on recent-ish iPhones and iPads, paving the way for full-blown tethered jailbreaks.

And, we’re told, it is impossible for Apple to block these shenanigans as it involves a vulnerability baked into the devices’ immutable Boot ROM.

Specifically, the coder, who goes by the handle axi0mX, on Friday said they had built checkm8: “A permanent unpatchable bootrom exploit for hundreds of millions of iOS devices … Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).”

That means gear using Apple’s A12 system-on-chip, such as the iPhone XS, XS Max, and XR, are immune to checkm8; iPhones and iPads made before 2018 are not, it is claimed.

The exploit is a first stepping stone to properly jailbreaking the aforementioned vulnerable iThings via a USB connection. What’s said to be working exploit code targeting the Boot ROM flaw is now available on GitHub, for research purposes, cough, cough, and a completed suite of software to install whatever suitable operating system and apps you want – Cydia, etc – is expected to follow from the jailbreaking community.

“During iOS 12 betas in summer 2018, Apple patched a critical use-after-free vulnerability in iBoot USB code,” axi0mX said on Twitter, in explaining how they found the bug.

“This vulnerability can only be triggered over USB and requires physical access. It cannot be exploited remotely. I am sure many researchers have seen that patch. That’s how I discovered it. It is likely at least a couple other researchers were able to exploit this vulnerability after discovering the patch. The patch is easy to find, but the vulnerability is not trivial to exploit on most devices.”

They continued:

2/ What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.

— axi0mX (@axi0mX) September 27, 2019

Jailbreaking, for the uninitiated, is basically installing your own OS and programs on a handheld, circumventing any of the built-in protection mechanisms that lock you inside Apple’s walled garden, in this case.

For those interested, the guts of the use-after-free() exploit are here: it appears to involve connecting the iThing to a computer via USB, forcing the device into DFU mode, and then abusing the USB connection to inject software that the firmware then executes. A payload of code is sent over during this process, meaning this is a tethered attack: you have to hook your gizmo up to a computer to pull off the technique.

While such an exploit will be of great use to hobbyists, it can be used by cops and snoops with physical access to a device to commandeer it and install spyware, though they will need to brute-force the passcode to decrypt any private data already encrypted by iOS.

Earlier today, a new iPhone Boot ROM exploit, checkm8 (or Apollo or Moonshine), was published on GitHub by axi0mX, affecting the iPhone 4S through the iPhone X,” explained Ryan Stortz, of infosec biz Trail of Bits, in an early analysis of the code.

“The vulnerability was patched in devices with A12 and A13 CPUs. As of this writing, the iPhone XS, XS Max, XR, 11, 11 Pro and 11 Pro Max are all safe from this exploit.

“We strongly urge all journalists, activists, and politicians to upgrade to an iPhone that was released in the past two years with an A12 or higher CPU. All other devices, including models that are still sold — like the iPhone 8, are vulnerable to this exploit. Regardless of your device, we also recommend an alphanumeric passcode, rather than a 6-digit numeric passcode. A strong alphanumeric passcode will protect the data on your phone from this and similar attacks.”

Here’s another summary:

Non techie version:

Any iPhone 8/X or earlier can now be:

– booted to any iOS version, past/present/future, with no SHSH/APTickets

– booted to any OS (e.g. Android)

– compromised by attacker w/physical access, but still requires password (or brute force)for private data

— 62657156686f6a75636a4d21506a736699a0f1548b (@Morpheus______) September 27, 2019

In other Apple news…

Apple did not respond to a request for comment on the matter. The Cupertino phone slinger did, however, post a handful of updates this week to address other flaws in its products.

For phones running iOS 13, Apple patched the lock-screen workaround bug discovered by researcher Jose Rodriguez. On iOS 12 devices, Apple fixed CVE-2019-8641, a remote code execution flaw uncovered by Samuel Groß and Natalie Silvanovich of Google’s Project Zero.

Meanwhile, on the Macintosh, Apple released an update to clean up the same CVE-2019-8641 flaw in Sierra, High Sierra, and Mojave macOS systems. Updates were also dropped for bugs in tvOS (CVE-2019-8704), watchOS (CVE-2019-8641), and Safari (CVE-2019-8654, CVE-2019-8725). ®

Sponsored: Your Guide to Becoming Truly Data-Driven with Unrivalled Data Analytics Performance