09-28-2019, 04:19 PM
Here are the key parts in the ars story, they were nice enough sum it up. I think the 4th bullet is the most relevant:
• Checkm8 requires physical access to the phone. It can't be remotely executed, even if combined with other exploits
• The exploit allows only tethered jailbreaks, meaning it lacks persistence. The exploit must be run each time an iDevice boots.
• Checkm8 doesn't bypass the protections offered by the Secure Enclave and Touch ID.
• All of the above means people will be able to use Checkm8 to install malware only under very limited circumstances. The above also means that Checkm8 is unlikely to make it easier for people who find, steal or confiscate a vulnerable iPhone, but don't have the unlock PIN, to access the data stored on it.
• Checkm8 is going to benefit researchers, hobbyists, and hackers by providing a way not seen in almost a decade to access the lowest levels of iDevices.
meh.
• Checkm8 requires physical access to the phone. It can't be remotely executed, even if combined with other exploits
• The exploit allows only tethered jailbreaks, meaning it lacks persistence. The exploit must be run each time an iDevice boots.
• Checkm8 doesn't bypass the protections offered by the Secure Enclave and Touch ID.
• All of the above means people will be able to use Checkm8 to install malware only under very limited circumstances. The above also means that Checkm8 is unlikely to make it easier for people who find, steal or confiscate a vulnerable iPhone, but don't have the unlock PIN, to access the data stored on it.
• Checkm8 is going to benefit researchers, hobbyists, and hackers by providing a way not seen in almost a decade to access the lowest levels of iDevices.
meh.
