A security researcher going by the handle “axi0mX” has discovered a supposedly unpatchable iOS vulnerability affecting six generations of Apple devices.
The anonymous researcher published code demonstrating the flaw on GitHub earlier today, and within a few hours, others in the cybersecurity community appear to have verified that the exploit works. The vulnerability is present in iOS devices released from 2012 to 2017. This affects tens of millions of consumers’ iPhones and iPads worldwide; however, it seems the newest Apple devices are safe.
The exploit leverages weaknesses in an iOS component called the bootrom. It’s the first piece of software that runs when a user turns on their handset; it loads the rest of the operating system and checks for security problems.
Since the bootrom runs on an unmodifiable memory chip to prevent tampering, Apple can’t release a software patch. While the iPhone maker could theoretically recall affected models, that would be an un-Apple move. Physically replacing the motherboard on a 7-year-old device probably won’t happen.
The exploit can be abused to “jailbreak” iOS handsets in order to gain complete control of the operating system. This level of access to a device would give a hacker the ability to read encrypted files, access apps and plant malware for future attacks.
Exploiting the flaw does require physical access to the device, so it won’t help over-the-air hackers. It is, however, possible that this is the flaw Cellebrite leverages to crack iPhones for government agencies.