#iboot exploit downgrade
cyber-secure-blog · 5 years
Checkm8, the jailbreak for iOS devices compatible up to the iPhone X. Arkavia Networks, Tuesday, 1 October 2019.

An iOS-focused hacker and cybersecurity researcher published what he claims is a permanent, unfixable bootrom exploit, in other words a remarkable jailbreak that works on all iOS devices from the iPhone 4s (A5 chip) to the iPhone 8, including the iPhone X (A11 chip). Dubbed Checkm8, the exploit takes advantage of unpatchable security weaknesses in Apple's Bootrom (SecureROM), the first system code that runs on an iPhone during boot; once exploited, it provides much deeper system-level access.

The new exploit was disclosed exactly one month after Apple released an emergency patch for another critical jailbreak vulnerability affecting Apple devices including the iPhone XS, XS Max and XR, and the 2019 iPad Mini and iPad Air, running iOS 12.4 and iOS 12.2 or earlier. Because bootrom exploits are hardware-level problems that cannot be fixed without a hardware revision, a simple software update cannot address the newly released bootrom exploit.

It should be noted that the Checkm8 exploit is not a jailbreak like Cydia; it is only an exploit that researchers and the community can use to develop a fully functional jailbreak tool. The expert says he discovered the bootrom vulnerability while analyzing a security patch Apple released in 2018 to address a critical use-after-free vulnerability previously found in the iBoot USB code. The exploit cannot be run remotely; it can only be triggered over USB and additionally requires physical access.

The jailbreak only works on iPhones running Apple's A5 to A11 chipsets and does not work on the two latest chipsets, A12 and A13. The main features the Checkm8 exploit includes are: Jailbreak and downgrad https://www.instagram.com/p/B3FFgUEJCGH/?igshid=3wvvj2uhk2f5
terabitweb · 5 years
Original Post from Security Affairs Author: Pierluigi Paganini
A security expert has released a new jailbreak, dubbed Checkm8, that impacts all iOS devices running on A5 to A11 chipsets; it works on iPhone models from the 4S to the 8 and X.
The security expert Axi0mX has released a new jailbreak, dubbed Checkm8, that works on all iOS devices running on A5 to A11 chipsets. The jailbreak works with all Apple products released between 2011 and 2017, including iPhone models from 4S to 8 and X.
Checkm8 leverages vulnerabilities in the Apple Bootrom (secure boot ROM) to achieve full control over the device.
“The bootrom (called “SecureROM” by Apple) is the first significant code that runs on an iDevice. The bootrom is read-only. Finding exploits in the bootrom level is a big achievement since Apple won’t be able to fix it without a hardware revision.” reads a description for the BootRom.
The expert who devised Checkm8 described it as “a permanent unpatchable bootrom exploit”; it is essential to highlight, however, that the exploit only leads to a jailbreak when chained with other flaws.
EPIC JAILBREAK: Introducing checkm8 (read “checkmate”), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
— axi0mX (@axi0mX) September 27, 2019
Bootrom exploits are very dangerous because they are permanent and cannot be addressed via software: patching a Bootrom flaw requires a hardware revision of the chipset.
Axi0mX’s exploit code is marked as a “beta” release, but there is a concrete possibility that expert coders or intelligence agencies will integrate it into hacking tools and malware.
“What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.” wrote the expert.
“Features the exploit allows include:
Jailbreak and downgrade iPhone 3GS (new bootrom) with alloc8 untethered bootrom exploit.
Pwned DFU Mode with steaks4uce exploit for S5L8720 devices.
Pwned DFU Mode with limera1n exploit for S5L8920/S5L8922 devices.
Pwned DFU Mode with SHAtter exploit for S5L8930 devices.
Dump SecureROM on S5L8920/S5L8922/S5L8930 devices.
Dump NOR on S5L8920 devices.
Flash NOR on S5L8920 devices.
Encrypt or decrypt hex data on a connected device in pwned DFU Mode using its GID or UID key.”
Currently, the exploit does not work on Apple’s latest two chipsets, the A12 and A13.
Experts pointed out that the exploit needs physical access to the device and so cannot be used remotely.
“During iOS 12 betas in summer 2018, Apple patched a critical use-after-free vulnerability in iBoot USB code. This vulnerability can only be triggered over USB and requires physical access. It cannot be exploited remotely. I am sure many researchers have seen that patch.” concludes the expert.
“That’s how I discovered it. It is likely at least a couple other researchers were able to exploit this vulnerability after discovering the patch. The patch is easy to find, but the vulnerability is not trivial to exploit on most devices.”
Pierluigi Paganini
(SecurityAffairs – Checkm8, hacking)
The post Checkm8: unpatchable iOS exploit could lead to permanent jailbreak for iOS devices running A5 to A11 chips appeared first on Security Affairs.