Profile picture
, 8 tweets, 3 min read
My Authors
Read all threads
Security implications of this SEPROM vulnerability are not as bad as you might think:

(1) Browser-based (nation states) or app-based (community) jailbreaks cannot use it, because the value in TZ0 register is locked and cannot be changed after boot.

1/
(2) Apple's HW and SW uses many different mitigations, and they work together to limit the impact of a single vuln. This vuln cannot even be triggered without a vuln like #checkm8. Unless something like #checkm8 is found for A12/A13, we cannot even check if this issue exists.

2/
(3) A #checkm8-based jailbreak can use this vuln to exploit SEPROM, patch SEP/OS in a meaningful way, and then protect SEP from further access after iOS boots. SEP could then still be secure against accesses from the AP, and apps and tweaks will not be able to exploit it.

3/
(4) If you think about it, it is amazing that we can use powerful low-level public vulnerabilities to control what code we run on the iPhone AP and SEP, and yet those vulnerabilities cannot be abused in a meaningful way after the device boots.

4/
(5) As long as no one else takes physical possession of the device, plugs in a cable and puts it in DFU Mode, it is still secure, and we can use latest iOS with all security patches. Yet, we have the option to jailbreak it anytime, if we want to, and do anything we want.

5/
(6) We should have the option to take full control of our devices, if we want to. Whether it is for research, development, or just for jailbreaking, Apple should give us the option to take full control of our devices. We should not need public exploits to be able to do this.

6/
(7) There are no technical reasons preventing Apple from doing this. They could ask us to pay a fee to enable developer features, wait 30 days, disable Apple Pay, force a development SEP UID key to disable access to existing user data, and require a tethered boot every time.

7/
(8) No hardware changes would be needed to make this possible. They could even allow us to only choose this option when the device is first sold, and never give us any tickets for booting the device without a cable and a computer.

They could easily do this if they wanted to.

8/
Missing some Tweet in this thread? You can try to force a refresh.

Keep Current with ax🔥🌸mX

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#checkm8

More from @axi0mX see all

Profile picture
axi0mX 🌧️📲
@axi0mX
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.

Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).

github.com/axi0mX/ipwndfu
1/ The last iOS device with a public bootrom exploit until today was iPhone 4, which was released in 2010. This is possibly the biggest news in iOS jailbreak community in years. I am releasing my exploit for free for the benefit of iOS jailbreak and security research community.
2/ What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.
Read 13 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!