Well hot damn.
A security researcher dropped a bomb on iPhone owners today with the release of an exploit potentially allowing for the jailbreaking of Apple smartphones ranging from the 4S to the iPhone X. And, and this part is the real kicker, the way the exploit allegedly works means Apple can never patch it.
The open source tool, released by axi0mX, is available on GitHub and is described as "a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices" by the researcher.
Specifically, it works on any iOS device sporting anything from an A5 chip to an A11 chip. According to axi0mX, this translates to "most generations of iPhones and iPads."
Tweet may have been deleted
So, why does this matter? Well, for starters, it means that if you let your vulnerable iPhone out of your hands a bad actor could theoretically jailbreak the device and load malicious software onto it.
Tweet may have been deleted
Importantly, this exploit is not a remote one — meaning someone would have to get their hands on your physical device. However, taking your smartphone away is exactly the kind of thing Customs and Border Protection and law enforcement is wont to do.
Tweet may have been deleted
Patrick Wardle, security researcher at Jamf and founder of Objective-See, broke down what this exploit means for the average iPhone owner over Twitter directer message.
"Good news, newer phones (A12/A13) aren't vulnerable," he wrote. "My understanding is, having a passcode or an updated version of iOS doesn't matter[.] That is, any older [iPhone] is hackable ... with physical access."
"This isn't something Apple can fix," he added.
We reached out to axi0mX over email in an attempt to determine just what, exactly, the researcher expects to come of all this. Unfortunately, we received no response as of press time. However, axi0mX thankfully tweeted some of what they see as the benefits to this release.
"A bootrom exploit for older devices makes iOS better for everyone," explained axi0mX in a follow-up tweet. "Jailbreakers and tweak developers will be able to jailbreak their phones on latest version, and they will not need to stay on older iOS versions waiting for a jailbreak. They will be safer."
We reached out to Apple for comment, but received no response as of press time. As axi0mX's exploit was released publicly, we imagine the company is a little preoccupied at the moment.
UPDATE: Sept. 27, 2019, 12:07 p.m. PDT This story has been updated with comments from Patrick Wardle.
Topics Apple Cybersecurity iPhone
