‘Unpatchable’ iOS Bootrom Exploit Allows Jailbreaking of Many iPhones

A researcher specializing in iOS security claims to have created a bootrom exploit that can be leveraged to jailbreak hundreds of millions of iOS devices, including all iPhones between iPhone 4S and iPhone X.

The hacker, who uses the online moniker axi0mX, has released the exploit for free in hopes that it would benefit security researchers and the iOS jailbreak community. He has described it as a “permanent unpatchable bootrom exploit” that is “possibly the biggest news in iOS jailbreak community in years.”

The exploit, dubbed Checkm8, is not a full jailbreak in itself, but it can be used to jailbreak devices with Apple processors ranging from A5 (introduced in 2011 with the release of the iPad 2 and the iPhone 4S) to A11 (introduced in 2017 with the release of the iPhone 8 and iPhone X). Devices with A12 and A13 processors, which are present in the iPhone XS and XR, the 2019 iPad Air, and iPhone 11, do not appear to be impacted.

axi0mX says the exploit, which leverages a race condition, is “not perfectly reliable yet” and cannot be exploited remotely. Exploitation requires physical access to the targeted device and is conducted over USB.

The researcher claims to have discovered it after analyzing an iOS update released by Apple roughly one year ago, which patched a critical use-after-free vulnerability in iBoot USB. axi0mX notes that the vulnerability is not easy to exploit on most devices.

“A bootrom exploit for older devices makes iOS better for everyone. Jailbreakers and tweak developers will be able to jailbreak their phones on latest version, and they will not need to stay on older iOS versions waiting for a jailbreak. They will be safer,” axi0mX said on Twitter after releasing the exploit.

He added, “It will also be better for security researchers interested in Apple’s Bug Bounty. They will not need to keep vulnerabilities on hand so that they have access they need for their research. More vulnerabilities might get reported to Apple right away.”

Vulnerabilities in the bootrom (also known as SecureROM) cannot be patched with a software or firmware update because the bootrom is read-only.

The source code of the Checkm8 exploit has been made public by the researcher on GitHub.

SecurityWeek has reached out to Apple for comment and will update this article if the tech giant responds.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
