Submitted via IRC for SoyCow9427
All devices from the iPhone 4S to the iPhone X are impacted
A newly announced iOS exploit could lead to a permanent, unblockable jailbreak on hundreds of millions of iPhones, according to researcher axi0mX who discovered it. Dubbed "checkm8," the exploit is a bootrom vulnerability that could give hackers deep access to iOS devices on a level that Apple would be unable to block or patch out with a future software update. That would make it one of the biggest developments in the iPhone hacking community in years.
The exploit is specifically a bootrom exploit, meaning it's taking advantage of a security vulnerability in the initial code that iOS devices load when they boot up. And since it's ROM (read-only memory), it can't be overwritten or patched by Apple through a software update, so it's here to stay. It's the first bootrom-level exploit publicly released for an iOS device since the iPhone 4, which was released almost a decade ago.
In a follow-up tweet, axi0mX explained that they released the exploit to the public because a "bootrom exploit for older devices makes iOS better for everyone. Jailbreakers and tweak developers will be able to jailbreak their phones on latest version, and they will not need to stay on older iOS versions waiting for a jailbreak. They will be safer."
(Score: 2) by darkfeline on Saturday September 28 2019, @08:58PM (7 children)
While jailbreaking allows you to replace the original OS, keep in mind that jailbreaking is actually a security vulnerability.
Generally speaking, the ability to gain root access to a device is not considered a good thing. Imagine if someone could jailbreak a Linux server and gain root access.
This makes you vulnerable to evil maid attacks, and is why secure boot was invented. This is especially bad on smartphones since average people tend to leave them laying around a lot.
Join the SDF Public Access UNIX System today!
(Score: 1, Insightful) by Anonymous Coward on Saturday September 28 2019, @11:41PM
Given the choice between taking ownership of a device I paid money for, versus having a third party retain control and do whatever they choose, I'll take the former.
(Score: 4, Insightful) by hemocyanin on Sunday September 29 2019, @12:48AM (1 child)
That's all understood, but I think many people feel that if a 3d party solely has root access, and refuses to let you have it, that's a worse situation.
(Score: 2) by darkfeline on Sunday September 29 2019, @10:40PM
If you have ever met (or think back to) any person outside of your narrow social circles, you would agree that giving the average user root access to their device is a very bad idea.
Join the SDF Public Access UNIX System today!
(Score: 2) by stormwyrm on Sunday September 29 2019, @03:37AM (2 children)
Numquam ponenda est pluralitas sine necessitate.
(Score: 3, Insightful) by darkfeline on Sunday September 29 2019, @10:43PM (1 child)
Are you buying an appliance or a computing device? As an appliance I see no need for root access. I don't mind that I don't have convenient root access to the chips in my dumb washing machine. If you want a computing device, buying Apple is a mistake.
Join the SDF Public Access UNIX System today!
(Score: 3, Interesting) by stormwyrm on Monday September 30 2019, @12:10AM
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by etherscythe on Sunday September 29 2019, @06:43PM
I have mixed feelings in this direction as well. Think about going to China, where they take your smartphone and do shady things with it outside of your presence as you go through customs. After this, I would consider such a device forever compromised.
"Fake News: anything reported outside of my own personally chosen echo chamber"