https://tinyurl.com/y3p8zeej
New ‘unpatchable’ iPhone exploit could allow permanent jailbreaking on
hundreds of millions of devices
New unpatchable iPhone exploit allows iPhones to be permanently jailbroken
A newly announced iOS exploit could lead to a permanent, unblockable
jailbreak on hundreds of millions of iPhones, according to researcher axi0mX
who discovered it. Dubbed “checkm8,” the exploit is a bootrom vulnerability
that could give hackers deep access to iOS devices on a level that Apple
would be unable to block or patch out with a future software update. That
would make it one of the biggest developments in the iPhone hacking community
in years.
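The newly announced iOS vulnerability will lead to a permanent, unblockable
jailbreak on hundreds of millions of iPhones. The vulnerability exploits a
weakness in the boot file to let people gain deep access to iOS, and Apple
has no way to patch it.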
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent
unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5
chip) to iPhone 8 and iPhone X (A11 chip). https://github.com/axi0mX/ipwndfu
All models with an A11 chip or earlier can be permanently jailbroken.
The exploit is specifically a bootrom exploit, meaning it’s taking advantage
of a security vulnerability in the initial code that iOS devices load when
they boot up. And since it’s ROM (read-only memory), it can’t be
overwritten or patched by Apple through a software update, so it’s here to
stay. It’s the first bootrom-level exploit publicly released for an iOS
device since the iPhone 4, which was released almost a decade ago.
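This is a boot-code vulnerability that exploits a weakness in the startup
code iOS runs at boot. That startup code can only be read, not written, so
Apple has no way to change it through a software update. It is the first
boot-code-level vulnerability since the iPhone 4; the last one was found 10
years ago.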
In a follow-up tweet, axi0mX explained that they released the exploit to the
public because a “bootrom exploit for older devices makes iOS better for
everyone. Jailbreakers and tweak developers will be able to jailbreak their
phones on latest version, and they will not need to stay on older iOS
versions waiting for a jailbreak. They will be safer.”
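axi0mX explained that the exploit was released in the hope of making older
iOS devices better. Jailbreak developers can always jailbreak on the latest
iOS version; they do not need to stay stuck on less secure older versions,
so their jailbroken phones will be safer.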
Hundreds of millions of iPhone devices are affected by the exploit: any
device starting with an iPhone 4S (A5 chip) through the iPhone 8 and iPhone X
(A11 chip) is vulnerable, although it appears that Apple patched the flaw in
last year’s A12 processors, meaning that iPhone XS / XR and 11 / 11 Pro
devices won’t be affected.
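Hundreds of millions of iPhones are affected by this vulnerability; every
model with an A11 chip or earlier can be jailbroken.
But Apple fixed this vulnerability in models from the A12 onward.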
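Thoughts:
Apple, rather than telling us to switch to an iPhone 11, here is what I think:
how about launching a promotion where we pay $100 to trade in an old model
for an iPhone XR?
That would show some corporate conscience.
While you are at it, wipe out every model without Face ID
and wipe out every model with 3D Touch.
Two birds with one stone.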