A new "unfixable" iPhone exploit capable of giving hackers deep access to hundreds of millions of iOS devices has been discovered by a security researcher.
The so-called "checkm8" exploit affects every single iOS device released between 2011 and 2017 - iPad, Apple Watch, iPod Touch, and Apple TV are also affected.
The exploit promises the ability to permanently jailbreak devices – the ability to remove software restrictions imposed by Apple on iOS.
Checkm8 takes advantage of a security vulnerability in the initial code that runs first when an iOS device powers on.
As the vulnerability is found in the device`s read-only-memory (ROM) and not in the software, Apple is unable fix the issue with an update.
Security researcher AxiOmX said he discovered the exploit by reverse-engineering a patch Apple released in summer 2018 for the iOS 12 beta.
AxiOmX claims the "exploit for older devices makes iOS better for everyone" as it would allow users to run software far beyond what Apple has previously allowed.
It would also allow researchers to conduct a more extensive security analysis than what is currently available.
Not everyone is convinced, with some researchers warning the exploit could have major implications for iOS device security as it would allow bad actors to install malware or stalkerware.
Nation state hackers and law enforcement contractors could also use it for surveillance and device compromise purposes.
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.— axi0mX (@axi0mX) September 27, 2019
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
AxiOmX said the exploit can only currently be triggered over USB and ends when someone reboots the device, meaning it would unlikely be used by cyber criminals. Although, he said it is possible.
"It is possible that bad actors would use this, but I doubt it would be the first choice," he told Wired.
"It requires physical access to the device and a reboot. But it could potentially be used by bad actors, say at border crossings or if devices are left unattended."
Apple is yet to comment on the flaw.
- Tesla updates Model 3 prices as federal EV tax credits expire
- NASA Just Watched a Mass of Cyclones on Jupiter Evolve Into a Mesmerising Hexagon
- The Secret to create the BEST relationship with your dog! - Creating balance with your dog!
- Minecraft diamond challenge leaves AI creators stumped
- Santa hacker speaks to girl via smart camera
- Man killed by Lexus car being remotely started
- Emotion-detecting tech should be restricted by law - AI Now
- How To Set Up Your Home Studio For Top-Tier Sound - BehindTheSpeakers.com
- YouTube bans `malicious insults and veiled threats`
- Amazon’s fight with Trump is about much more than $10bn