https://www.theiphonewiki.com/w/api.php?action=feedcontributions&feedformat=atom&user=SaagarjhaThe iPhone Wiki - User contributions [en]2026-05-21T09:55:40ZUser contributionsMediaWiki 1.31.14https://www.theiphonewiki.com/w/index.php?title=Checkm8_Exploit&diff=117982Checkm8 Exploit2021-09-26T06:35:41Z<p>Saagarjha: checkm8 is a use-after-free, not a heap overflow</p>
<hr />
<div>{{lowercase}}<br />
The '''checkm8 exploit''' is a [[bootrom]] exploit with a CVE ID of CVE-2019-8900 used to run unsigned code on iOS, iPadOS, tvOS, watchOS, bridgeOS, audioOS, and Haywire devices with processors between an A5 and an A11, a S1P and a S3, a S5L8747, and a T2 (and thereby [[jailbreak]] it). Jailbreaks based on checkm8 are [[semi-tethered jailbreak]]s as the exploit works by taking advantage of a use-after-free in the USB DFU stack.<br />
<br />
[[ipwndfu]] and [[checkra1n]] are currently the main tools capable of using the checkm8 exploit. <br />
<br />
== References ==<br />
* [https://habr.com/en/company/dsec/blog/472762/ Technical analysis of the checkm8 exploit]<br />
* [https://www.kb.cert.org/vuls/id/941987/ Apple devices vulnerable to arbitrary code execution in SecureROM]<br />
* [https://news.ycombinator.com/item?id=22849837 https://news.ycombinator.com/item?id=22849837]<br />
* [https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer]<br />
<br />
<br />
[[Category:Exploits]]<br />
[[Category:Bootrom Exploits]]</div>Saagarjha