The Checkm8 exploit, described by the security researcher who published it as “a permanent unpatchable bootrom exploit” might be good news for the jailbreaking community who can use it to unlock devices, but it’s not so good for those worried about keeping their iPhones and iPads secure.
The scope of this exploit is huge.
The exploit affects all iOS devices running on A5 to A11 chipsets. These chips were shipped in iPhones and iPads released between 2011 and 2017, and spanning eight generations of devices, from iPhone 4S to iPhone 8 and X.
This is an unpatchable exploit because, as opposed to a software bug that can be updated, this vulnerability is baked into the chipset.
It’s right inside the hardware.
So, what can you do to protect yourself or your company?
The only comfort for affected iPhone and iPad owners here is that this exploit requires physical access to the device and can only be triggered over USB, and it cannot be executed remotely. For the average user, this probably downgrades the severity of this vulnerability, but it will be of little comfort to companies who have hundreds, or even thousands of iPhones and iPads deployed.
Endpoint software will also likely be useful in spotting compromised devices, but there are gaps in that sort of security (for example, it still leaves the data on the device vulnerable).
The other option is to buy new hardware.
For the average user, this exploit is nothing to worry about, but for enterprise users, it is likely to be a headache that will hang around until the old iPhones and iPads are replaced with new iPhones and iPads.