Checkm8 Exploit Opens Door to Unpatchable Jailbreak on iPhone 4S Through iPhone X

by

A security researcher who goes by "axi0mX" on Twitter today released "checkm8," which he claims is a bootrom exploit for iOS devices equipped with A5 through A11 chips, including the iPhone 4S through iPhone X, several iPad models dating back to the iPad 2, and the fifth-generation iPod touch and later.

trio iphones ios
This would be the first publicly released bootrom exploit since the iPhone 4 in 2010 and pave the way for a permanent, non-patchable jailbreak on hundreds of millions of affected iOS devices. Since the bootrom is read-only, Apple cannot patch this type of exploit with a software update.


The bootrom exploit has many other possibilities on affected devices, including downgrading iOS versions without SHSH blobs or APTickets, dual booting iOS, and running custom firmwares, according to jailbreak enthusiasts.

This is significant news in the jailbreaking community, as the last bootrom exploit known as "limera1n" was released by George "geohot" Hotz nearly a decade ago for devices with A4 chips and earlier, including the iPhone 4, iPhone 3GS, the third- and fourth-generation iPod touch, and the original iPad.

Tag: Jailbreak

Popular Stories

iPhone 17 Pro Lower Logo Feature 1

iPhone 17 Pro Coming Soon With These 14 New Features

Monday June 30, 2025 1:08 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are less than three months away, and there are plenty of rumors about the devices. Apple is expected to launch the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max in September this year. Below, we recap key changes rumored for the iPhone 17 Pro models:Aluminum frame: iPhone 17 Pro models are rumored to have an...
Read Full Article
A18 Pro Chip

New MacBook With A18 Pro Chip Spotted in Apple Code

Monday June 30, 2025 8:05 am PDT by
Apple is developing a MacBook with the A18 Pro chip, according to findings in backend code uncovered by MacRumors. Earlier today, Apple analyst Ming-Chi Kuo reported that Apple is planning to launch a low-cost MacBook powered by an iPhone chip. The machine is expected to feature a 13-inch display, the A18 Pro chip, and color options that include silver, blue, pink, and yellow. MacRumors...
Read Full Article292 comments
iPhone 17 Pro Lower Logo Magsafe

iPhone 17 Pro's New MagSafe Design Revealed in Leaked Photo

Wednesday July 2, 2025 8:37 am PDT by
The upcoming iPhone 17 Pro and iPhone 17 Pro Max are rumored to have a slightly different MagSafe magnet layout compared to existing iPhone models, and a leaked photo has offered a closer look at the supposed new design. The leaker Majin Bu today shared a photo of alleged MagSafe magnet arrays for third-party iPhone 17 Pro cases. On existing iPhone models with MagSafe, the magnets form a...
Read Full Article62 comments
macbook air spacegray purple

Apple Planning to Launch Low-Cost MacBook Powered By iPhone Chip

Monday June 30, 2025 3:20 am PDT by
Apple is planning to launch a low-cost MacBook powered by an iPhone chip, according to Apple analyst Ming-Chi Kuo. In an article published on X, Kuo explained that the device will feature a 13-inch display and the A18 Pro chip, making it the first Mac powered by an iPhone chip. The A18 Pro chip debuted in the iPhone 16 Pro last year. To date, all Apple silicon Macs have contained M-series...
Read Full Article236 comments
Apple Watch Ultra Night Mode Screen

Apple Watch Ultra 3 Launching Later This Year With Two Key Upgrades

Wednesday July 2, 2025 1:13 pm PDT by
The long wait for an Apple Watch Ultra 3 appears to be nearly over, and it is rumored to feature both satellite connectivity and 5G support. Apple Watch Ultra's existing Night Mode In his latest Power On newsletter, Bloomberg's Mark Gurman said that the Apple Watch Ultra 3 is on track to launch this year with "significant" new features, including satellite connectivity, which would let you...
Read Full Article67 comments
iOS 18

Apple Releases Second iOS 18.6 Public Beta

Tuesday July 1, 2025 10:19 am PDT by
Apple today seeded the second betas of upcoming iOS 18.6 and iPadOS 18.6 updates to public beta testers, with the betas coming just a day after Apple provided the betas to developers. Apple has also released a second beta of macOS Sequoia 15.6. Testers who have signed up for beta updates through Apple's beta site can download iOS 18.6 and iPadOS 18.6 from the Settings app on a compatible...
Read Full Article12 comments
Wi Fi WiFi General Feature

iOS 26 Adds a Useful New Wi-Fi Feature to Your iPhone

Wednesday July 2, 2025 6:36 am PDT by
iOS 26 and iPadOS 26 add a smaller yet useful Wi-Fi feature to iPhones and iPads. As spotted by Creative Strategies analyst Max Weinbach, sign-in details for captive Wi-Fi networks are now synced across iPhones and iPads running iOS 26 and iPadOS 26. For example, while Weinbach was staying at a Hilton hotel, his iPhone prompted him to fill in Wi-Fi details from his iPad that was already...
Read Full Article24 comments
maxresdefault

Five Features Coming to AirPods Pro 3

Friday June 27, 2025 10:52 am PDT by
Apple hasn't updated the AirPods Pro since 2022, and the earbuds are due for a refresh. We're counting on a new model this year, and we've seen several hints of new AirPods tucked away in Apple's code. Rumors suggest that Apple has some exciting new features planned that will make it worthwhile to upgrade to the latest model. Subscribe to the MacRumors YouTube channel for more videos. Heal...
Read Full Article60 comments
replay all time playlist apple music

Apple Music Debuts All-New Personalized Playlist

Monday June 30, 2025 7:16 am PDT by
As part of its 10-year celebrations of Apple Music, Apple today released an all-new personalized playlist that collates your entire listening history. The playlist, called "Replay All Time," expands on Apple Music's existing Replay features. Previously, users could only see their top songs for each individual calendar year that they've been subscribed to Apple Music, but now, Replay All...
Read Full Article32 comments

Top Rated Comments

zorinlynx Avatar
zorinlynx
75 months ago

This can't be good for the security of these devices...

And have malware installed or spying on you. No thanks. Apple should have gotten their sh** together and not have had the exploit open for nearly a week.
This is a bootrom exploit. It can only be exploited when the device is in DFU recovery mode and will not affect the security of devices being used normally.

This is really the best kind of jailbreak exploit because only the people who really want to go out of their way to jailbreak can use it. Regular users are safe; all it means is that people can do whatever they like with these devices they own now.
Score: 35 Votes (Like | Disagree)
itsmilo Avatar
itsmilo
75 months ago

All the cool kids violate their warranty. Didn't you know?
one restore on iTunes and your warranty is „restored“ so to speak
Score: 28 Votes (Like | Disagree)
tobefirst ⚽️ Avatar
tobefirst ⚽️
75 months ago
I haaaaaaate the new force press/haptic touch menu on iOS 13. I would consider jail breaking just to go back to how that worked on my X on iOS 12.
Score: 16 Votes (Like | Disagree)
Jeremy1026 Avatar
Jeremy1026
75 months ago
I haven't been jailbroken since the 3G, what's the big draw of a jailbreak now a days?
Score: 15 Votes (Like | Disagree)
redheeler Avatar
redheeler
75 months ago
Good, now we can have proper downgrade rights on these devices. It's sad that something like this is needed to, for example, downgrade to iOS 10 on an iPad Air 2 for the simple purpose of running 32-bit apps.
Score: 14 Votes (Like | Disagree)
Krevnik Avatar
Krevnik
75 months ago

Once the data is copied off the phone can't you brute force it without fear of being locked out? What's the encryption like?
You can read through the details yourself if you want: https://www.apple.com/business/docs/site/iOS_Security_Guide.pdf

The NAND itself is encrypted with AES 256. The passcode is the weak point, but to generate the AES 256 key from the passcode, you need the passcode and the unique AES 256 key burned into the Secure Enclave on the SOC. The passcode is run through PBKDF2 and then tangled with the AES 256 key in a one-way operation.

So dumping the flash raw means you face AES 256 at full strength, even if you know the passcode, because you also need the AES 256 key from the SOC to be able to recreate the key yourself if you aren't just brute forcing AES.

The fastest way to crack an iPhone is to brute force the passcode and bypass the lockout on attempts if you can. It also gives you the most access to the content.

Individual containers/files can be encrypted with separate keys based on the level of access the OS should have in different states of lock/unlock, on top of the NAND encryption. So if you dump the flash unencrypted, you then also need to crack the containers for things like email and messages which are also AES 256 encryption. All the more reason to focus even more on the passcode and attempt lockout mechanisms.


This is a bootROM exploit. Every iPhone ever manufactured excluding the iPhone XS and 11 series will always be vulnerable to this exploit regardless of any iOS updates. There is no patch.
Apple still manufactures the iPhone 8 and 3rd Gen Air. I wouldn't be surprised if we see manufacturing runs of those that include the patched boot ROM.
Score: 14 Votes (Like | Disagree)
Read All Comments