Millions of iOS devices affected by unfixable flaw

In News

Cyber security researchers have discovered a new “unfixable” iPhone exploit that allows hackers thorough access to hundreds of millions of iOS devices.
Called “checkm8”, the exploit affects every single iOS device released between 2011 and 2017, including the iPad, Apple Watch, iPod Touch, and Apple TV. The exploit has the ability to permanently jailbreak devices and remove software restrictions imposed by Apple on iOS.

Checkm8 takes advantage of a security vulnerability in the initial code that runs first when an iOS device powers on. Since the vulnerability is found in the device’s read-only-memory (ROM) and not in the software, Apple is unable fix the issue with an update. A security researcher said he discovered the exploit by reverse-engineering a patch Apple released in summer 2018 for the iOS 12 beta.

He claims the “exploit for older devices makes iOS better for everyone” as it would allow users to run software far beyond what Apple has previously allowed. It would also allow researchers to conduct a more extensive security analysis than what is currently available. However, researchers warn that the exploit could have major implications for iOS device security as it would allow bad actors to install malware or stalkerware. Nation state hackers and law enforcement contractors could also use it for surveillance and device compromise purposes. The exploit can only currently be triggered over USB and ends when someone reboots the device, meaning it would unlikely be used by cyber criminals.
Apple is yet to comment on the flaw.

Comments

You may also read!

Infoblox unveils the Big Switch Off challenge

Infoblox, the leader in cloud-first DNS management and security, announces The Infoblox Big Switch Off Challenge, as a part

Read More...

Veeam educates organizations on accelerating Modern Data Protection strategies during VeeamON Tour in Dubai 2021

Veeam Software, the leader in backup, recovery, and data management solutions that deliver Modern Data Protection, hosted 175+ registered

Read More...

Cyber attacks – hackers are getting faster and more sophisticated

In this exclusive opinion piece, Roland Daccache, Systems Engineer Manager MEA, CrowdStrike, writes on the trends of cybercrimes.  The

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu