Jailbreak Released for All iOS Devices with A5 to A11 Chips

Today, cybersecurity researcher known as axi0mX has publicly released a jailbreak suitable for almost any Apple device with A5 to A11 chips, covering models released between 2011 and 2017. This means the jailbreak is relevant for devices from the iPhone 4S up to the iPhone 8 and X. It cannot be used remotely—physical access to the device is required.

The researcher’s jailbreak, which he says he worked on for an entire year, is based on a new exploit called Checkm8 (pronounced “checkmate”) that targets a vulnerability in the bootrom. Axi0mX describes this exploit as “permanent and unpatchable.”

Most jailbreaks exploit vulnerabilities in the iOS operating system and its components, but bootrom vulnerabilities and their exploitation are much rarer. These types of jailbreaks are especially valued because they are permanent; fixing a bootrom vulnerability requires physically modifying the device’s chipset, and no company would recall and replace such a large number of devices.

The last jailbreak to use a bootrom exploit was created nearly ten years ago by the well-known hacker George Hotz, aka GeoHot. The release of Checkm8 is therefore a landmark event, as many believed Apple engineers had closed all such loopholes.

The code from axi0mX is already available on GitHub, though it is currently only a beta version not intended for general users and could potentially “brick” a device. The researcher notes that the jailbreak does not work on devices with Apple A12 and A13 chips, and there may be issues with older devices like the iPhone 4S, which he has not yet thoroughly tested.