Found a vulnerability in the bootrom of all Apple devices with chips from A5 to A11

Security researcher axi0mX has found a vulnerability in the bootrom of Apple devices, the code that runs at the very first stage of booting and then hands control to iBoot. The vulnerability, named checkm8, allows full control over the device to be taken. The published exploit can potentially be used to bypass firmware verification (jailbreak), to set up dual boot of other operating systems and of different iOS versions.

The issue is notable because the bootrom resides in read-only NAND memory, so it cannot be patched on devices that have already shipped (the vulnerability can only be fixed in new batches of devices). The flaw is present in the A5 to A11 SoCs used in products built from 2011 to 2017, from the iPhone 4S up to the iPhone 8 and iPhone X.

A preliminary version of the exploit code has already been integrated into the open-source (GPLv3) toolkit ipwndfu, which is designed to untether devices from Apple's firmware. For now the exploit is limited to dumping SecureROM, decrypting keys for iOS firmware, and enabling JTAG. A fully automated jailbreak of the latest iOS release is possible but not yet implemented, as it requires additional work. At present the exploit has been adapted for the SoCs s5l8947x, s5l8950x, s5l8955x, s5l8960x, t8002, t8004, t8010, t8011 and t8015b; support for s5l8940x, s5l8942x, s5l8945x, s5l8747x, t7000, t7001, s7002, s8000, s8001, s8003 and t8012 is planned.

Source: opennet.ru