Difference between revisions of "Checkm8 Exploit"
(Replaced "Touch Bar" with "bridgeOS" and added a reference for it.)
m (Fixed URL title in the references section.)
Line 7: | Line 7: | ||
* [https://habr.com/en/company/dsec/blog/472762/ Technical analysis of the checkm8 exploit] |
* [https://habr.com/en/company/dsec/blog/472762/ Technical analysis of the checkm8 exploit] |
||
* [https://www.kb.cert.org/vuls/id/941987/ Apple devices vulnerable to arbitrary code execution in SecureROM] |
* [https://www.kb.cert.org/vuls/id/941987/ Apple devices vulnerable to arbitrary code execution in SecureROM] |
||
− | * [https://news.ycombinator.com/item?id=22849837] |
+ | * [https://news.ycombinator.com/item?id=22849837 https://news.ycombinator.com/item?id=22849837] |
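Review bot: On the added line, the link label for the Hacker News reference is just the URL repeated, while the two references above it carry descriptive titles ("Technical analysis of the checkm8 exploit", "Apple devices vulnerable to arbitrary code execution in SecureROM"). Suggest replacing the repeated URL with a short descriptive title in the same style, so the reference list reads consistently and a reader can tell what the link covers before following it.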
Revision as of 18:36, 27 May 2020
The checkm8 exploit is a bootrom exploit, with a CVE ID of CVE-2019-8900, used to run unsigned code on iOS, iPadOS, tvOS, watchOS, and bridgeOS devices with processors between an A5 and an A11, or a T2 (and thereby jailbreak them). Jailbreaks based on checkm8 are semi-tethered jailbreaks, as the exploit works by taking advantage of a heap overflow in the USB DFU stack.
ipwndfu and checkra1n are currently the main tools capable of using the checkm8 exploit.