I agree with @chronic. There was no attempt to verify facts or claims with our team. There is no demo or proof of concept.

For example, the timeline in the ironpeak post has many inaccurate or misleading claims, and it is not even in chronological order.
To be clear, the public @checkra1n jailbreak does not currently have any SEP exploit or mitigation bypass whatsoever for any device. Ironpeak claims that it does.

When we write things for public consumption, it is important that we are clear, accurate, and get basic facts right.
Good writing about deeply technical topics requires collaboration with subject-matter experts. It requires editing and peer review. There is no way around it.

I do not know what "vulnerability details" ironpeak emailed to Apple, but it was most likely a low quality bug report.
A quality bug report includes a proof-of-concept or a demo and accurate information about the discovery.

microsoft.com/en-us/msrc/bou…

The ironpeak blog post has none of the above. It would be surprising if their email to Apple was any better or more useful than the blog post.
To communicate clearly, good writing should also put things in context:

Are there any Macs that are safe to use "if left alone and physical access was possible"?

The answer is no, but most modern computer hardware, including all Macs, is not safe in that scenario.
A well-intentioned blog post seeking to inform the reader would avoid any appeal to fear.

Ironpeak does the opposite. These quotes are verbatim:

"I have sources that say more news is on the way in the upcoming weeks. I quote: be afraid, be very afraid."

en.wikipedia.org/wiki/Fear,_unc…
More:

"Crouching T2, Hidden Danger"

"Let’s talk about a vulnerability that’s completely exposing your macOS devices while most are declining to act nor report about the matter."

"Be angry at news websites & Apple for not covering this issue"

"be prepared to replace your Mac"
For the record, I do not know what "more news is on the way in the upcoming weeks" that we should be afraid of.

I agree that Apple should have issued an official security advisory as soon as possible, and it is unacceptable that they have not done that yet. It has been months.
Apple should inform readers about #checkm8 and #blackbird in the Apple Platform Security Guide, identify the potential security threats, and let us know how to prevent or mitigate them.

en.wikipedia.org/wiki/Threat_mo…

• • •

More from @axi0mX

22 Sep
IMPORTANT POINT 👇

Apple has the option of empowering users who #checkm8, while protecting users who do not #checkm8.

Instead, they decided that even users who want to #checkm8 cannot have a fully functioning iOS 14 jailbreak without a SEPROM exploit.
Apple could allow jailbreaking to continue without SEPROM exploits, while protecting users who do not want to jailbreak. It would take slightly more engineering effort to make that happen, but it is not difficult to do.

Political barriers are more difficult to overcome.
It is the prisoner's dilemma: Two completely rational individuals might not cooperate, even if it appears that it is in their best interests to do so.

Unpatchable exploits cannot be stopped, but if they remove the incentive to release them publicly, they might just stay private.
25 Jul
Security implications of this SEPROM vulnerability are not as bad as you might think:

(1) Browser-based (nation states) or app-based (community) jailbreaks cannot use it, because the value in TZ0 register is locked and cannot be changed after boot.

1/

(2) Apple's HW and SW use many different mitigations, and they work together to limit the impact of a single vuln. This vuln cannot even be triggered without a vuln like #checkm8. Unless something like #checkm8 is found for A12/A13, we cannot even check if this issue exists.

2/
(3) A #checkm8-based jailbreak can use this vuln to exploit SEPROM, patch SEP/OS in a meaningful way, and then protect SEP from further access after iOS boots. SEP could then still be secure against accesses from the AP, and apps and tweaks will not be able to exploit it.

3/
11 Dec 19
Wow, even the #checkra1n announcement post on Reddit has been taken down. 🤯

I assume that this is an unfortunate mistake and it will be fixed soon. I do not see any reason at all why Apple would intentionally do this now.

"Sorry, this post was removed by Reddit's Legal Operations team."

reddit.com/r/jailbreak/co…
Read this tweet to understand why it is not likely this was taken down by Apple.

27 Sep 19
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.

Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).

github.com/axi0mX/ipwndfu
1/ The last iOS device with a public bootrom exploit until today was iPhone 4, which was released in 2010. This is possibly the biggest news in the iOS jailbreak community in years. I am releasing my exploit for free for the benefit of the iOS jailbreak and security research community.
2/ What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.
