Permanent, unpatchable iPhone vulnerability discovered, allowing unlimited jailbreaking - iOS

By Caitlin
at 2019-09-28T01:48

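※ [This article was reposted from the MobileComm board #1TZajpCu ]

Author: kyle5241 (Kyle Korver) Board: MobileComm
Title: [News] Permanent, unpatchable iPhone vulnerability discovered, allowing unlimited jailbreaking
Time: Sat Sep 28 01:48:31 2019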

https://tinyurl.com/y3p8zeej

New ‘unpatchable’ iPhone exploit could allow permanent jailbreaking on
hundreds of millions of devices

A new unpatchable iPhone vulnerability allows iPhones to be permanently jailbroken


A newly announced iOS exploit could lead to a permanent, unblockable
jailbreak on hundreds of millions of iPhones, according to researcher axi0mX
who discovered it. Dubbed “checkm8,” the exploit is a bootrom vulnerability
that could give hackers deep access to iOS devices on a level that Apple
would be unable to block or patch out with a future software update. That
would make it one of the biggest developments in the iPhone hacking community
in years.

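A newly announced iOS vulnerability will lead to a permanent, unblockable jailbreak on hundreds of millions of iPhones. The vulnerability exploits a weakness in the boot file to let people gain deep access to iOS, yet Apple has no way to patch it.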


EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent
unpatchable bootrom exploit for hundreds of millions of iOS devices.

Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5
chip) to iPhone 8 and iPhone X (A11 chip). https://github.com/axi0mX/ipwndfu

All models with an A11 chip or older will be permanently jailbreakable


The exploit is specifically a bootrom exploit, meaning it’s taking advantage
of a security vulnerability in the initial code that iOS devices load when
they boot up. And since it’s ROM (read-only memory), it can’t be
overwritten or patched by Apple through a software update, so it’s here to
stay. It’s the first bootrom-level exploit publicly released for an iOS
device since the iPhone 4, which was released almost a decade ago.

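This is a boot-code vulnerability that exploits a weakness in the startup code iOS runs at boot. That startup code can only be read, not written,
so Apple has no way to change it through a software update. This is the first boot-code-level
vulnerability since the iPhone 4; the last one was found 10 years ago.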

In a follow-up tweet, axi0mX explained that they released the exploit to the
public because a “bootrom exploit for older devices makes iOS better for
everyone. Jailbreakers and tweak developers will be able to jailbreak their
phones on latest version, and they will not need to stay on older iOS
versions waiting for a jailbreak. They will be safer.”

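axi0mX explained that the exploit was released in the hope of making older iOS devices better. Jailbreak developers will always be able to jailbreak on the latest
iOS version; they will not need to stay stuck on less secure older versions, so their jailbroken phones will be safer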

Hundreds of millions of iPhone devices are affected by the exploit: any
device starting with an iPhone 4S (A5 chip) through the iPhone 8 and iPhone X
(A11 chip) is vulnerable, although it appears that Apple patched the flaw in
last year’s A12 processors, meaning that iPhone XS / XR and 11 / 11 Pro
devices won’t be affected.

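Hundreds of millions of iPhones are affected by this vulnerability; every model with an A11 or older can be jailbroken.
But Apple fixed the vulnerability in models from the A12 onward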



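Thoughts:

Apple~ rather than telling us to go buy an iPhone 11, here's what I think~

Just launch a program where we pay $100 to trade in an old model for an iPhone XR~

That would show a company's conscience

While you're at it, wipe out every model without Face ID

Wipe out every model with 3D Touch.

Two birds with one stone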

--
Tags: iOS

All Comments

By Ina
at 2019-09-30T12:34
What kind of thoughts are these
By Gary
at 2019-10-05T01:41
The translation is wrong; the last time, when the same developer found the alloc8 exploit for the 3GS,
was only two years ago.
By Bennie
at 2019-10-09T17:02
What terrible thoughts
By Rosalind
at 2019-10-13T03:08
What the heck are these thoughts even saying
By Skylar Davis
at 2019-10-17T17:11
Thoughts
By Bennie
at 2019-10-21T14:26
Took a look at Twitter; this is something to look forward to
By Margaret
at 2019-10-23T08:53
It's already 2019 and some people still think jailbreaking and flashing need to be kept low-key XD
By Annie
at 2019-10-24T18:48
Can my i5 fight on once again!?
By Oscar
at 2019-10-25T18:58
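From now on you can only buy original cables; otherwise the moment a cable is plugged in you get cracked and loaded with a bunch of zombies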
By Liam
at 2019-10-25T21:58
By that logic, wouldn't Android, which can't even deliver complete security updates, go broke paying out
By Dora
at 2019-10-30T01:50
Then why can't my iPad Air 2 be jailbroken?
