New checkm8 exploit can jailbreak millions of iOS devices

An independent researcher who goes by the Twitter handle axi0mX has discovered and published an iOS jailbreak exploit that applies to hundreds of millions of devices and cannot be patched.

Named checkm8, the exploit leverages a race condition vulnerability found in the bootrom, a read-only memory chip that contains the first code that loads whenever a user starts the system. This code cannot be altered, and so any flaw found within it is effectively permanent.

This makes the exploit an especially powerful and significant tool for researchers or hobbyists who wish to circumvent protections built into iPhones and iPads in order to probe more deeply into their iOS devices, customize them or add programs, or execute code at the bootrom level. Law enforcement investigators and gray-hat companies that sell exploits to various parties could also benefit, wrote Thomas Reed, director of Mac and mobile at Malwarebytes, in a Sept. 27 blog post.

Malicious actors could also potentially add this exploit tool to their arsenal, although there are limitations to what they can do with it. For instance, the exploit cannot be used remotely, and in general it can only be executed when a device is connected to a computer and put into Device Firmware Upgrade (DFU) mode (although axi0mX said in a tweet that it “should be possible to make a cable or a dongle that jailbreaks your device without a computer”).

Additionally, threat actors cannot use checkm8 to install any persistent malware because any changes revert to normal upon device reboot. Nor can they use checkm8 to bypass Secure Enclave and Touch ID, provided the device in question is equipped with such protections. (Certain older devices may not have these features.) Still, checkm8 could reportedly, in theory, be chained with other iOS exploit techniques to create more effective attacks.

According to axi0mX, checkm8 affects most generations of iPhones and iPads. In his blog post, Reed listed the currently known impacted devices as:

  • iPhones from the 4s up to the iPhone X
  • iPads from the 2 up to the 7th generation
  • iPad Mini 2 and 3
  • iPad Air 1st and 2nd generation
  • iPad Pro 10.5-inch and 12.9-inch 2nd generation
  • Apple Watch Series 1, Series 2, and Series 3
  • Apple TV 3rd generation and 4k
  • iPod Touch 5th generation to 7th generation

The exploit isn’t perfectly reliable yet, and it is not a complete jailbreak tool, although it facilitates the jailbreaking process, axi0mX noted in a series of tweets. “Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.”

Considering that jailbreaks on modern devices can be hard to come by, axi0mX noted that his exploit is a positive development for security researchers chasing Apple bug bounties. “They will not need to keep vulnerabilities on hand so that they have access they need for their research. More vulnerabilities might get reported to Apple right away,” he tweeted.

“Needless to say, jailbreaking is not dead. Not anymore. Not today, not tomorrow, not anytime in the next few years.”

The post New checkm8 exploit can jailbreak millions of iOS devices appeared first on SC Media.

Source: SC

Students, Beware of Hacking! How to Prevent Yourself in Online From Cyber Attack

Students’ unlimited access to different information makes it quite easy to imagine that there is nothing interesting on their phones, but we could not be more wrong. The truth about hackers is that they hack either for fun and experience or for money. There are also several examples of hacking. But whichever it is, you’ll need to keep […]

The post Students, Beware of Hacking! How to Prevent Yourself in Online From Cyber Attack appeared first on GBHackers On Security.

Source: GBHackers

Exim Email Server Vulnerability Let Hackers Execute Remote Code on Vulnerable Servers – Update Now!!

A critical vulnerability in the Exim email server allows attackers to execute code remotely and take control of the vulnerable server. Exim is an open-source message transfer agent (MTA) written by Philip Hazel and maintained by the University of Cambridge as an open-source project, and is responsible for receiving, routing and delivering […]

The post Exim Email Server Vulnerability Let Hackers Execute Remote Code on Vulnerable Servers – Update Now!! appeared first on GBHackers On Security.

Source: GBHackers

PHP update fixes arbitrary code execution flaw, 9 other bugs

The Center for Internet Security’s Multi-State Information Sharing and Analysis Center (MS-ISAC) on Friday issued a security advisory urging developers to upgrade to the latest version of PHP in order to patch an arbitrary code execution vulnerability that was found in the programming language.

“PHP is prone to a heap-based buffer overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Specifically, this issue exists in the ‘mb_eregi()’ function,” the advisory states. “Successfully exploiting this vulnerability could allow for arbitrary code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.”

Although there are no reports of this vulnerability being exploited in the wild, MS-ISAC assesses the risk to government and business entities of all sizes to be high.

Including the aforementioned buffer overflow bug, the PHP development team’s Sept. 26 release of PHP version 7.3.10 repaired 10 bugs and delivered other improvements as well.

The post PHP update fixes arbitrary code execution flaw, 9 other bugs appeared first on SC Media.

Source: SC

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released

A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers.

Exim maintainers today released an urgent security update—Exim version 4.92.3—after publishing an early warning two days ago, giving system administrators an early
Source: HN