Don't panic: Checkm8 vulnerability for jailbreaking iPhones 2011 - 2017

1 October 2019 12 November 2019 / From Jen Kleinholz / News / Post a comment

Chapter in this post:

1 Checkm8 Boot-ROM exploit requires USB connection
2 Recommendation: USB condom and detailed information
3 Similar posts

Yesterday I already touched on the topic "Checkm8" here in the blog. It was about increased security on the iPhone by one alphanumeric access code. Now I would like to briefly elaborate a bit more on the jailbreak vulnerability Checkm8 (means “checkmate”), which is presented as super problematic in many places. Sure, the message sounds frightening at first, especially since the second bad news is that the error cannot simply be fixed by a firmware update from Apple. Nevertheless: the necessary way of working to exploit the gap, also known as Apollo or Moonshine, basically gives the all-clear.

All iPhone models from the iPhone 8s with an A4 chip to the iPhone 5 and iPhone X with an A8 chip are affected by the Checkm11 security hole. But there is no need to panic.

Sir Apfelot recommendation: Clean up your Mac hard drive with CleanMyMac

Checkm8 Boot-ROM exploit requires USB connection

Malware to be used is a so-called boot ROM Feat, which in short and in layman's terms means that the software can make the device boot process work with any system. All iPhone models are affected, from the iPhone 4s with an A5 chip to the iPhone 8 and iPhone X with an A11 chip. There is a patch for newer Apple smartphones with A12 and A13 processors that closes the security gap. The iPhone models Xs, Xs Max, XR, 11, 11 Pro and 11 Pro Max are therefore protected against Checkm8.

For me, this means first and foremost that the jailbreak faction can be happy, because it gives them a permanent opportunity to jailbreak the old iPhone models. For hackers, however, the vulnerability is likely to be relatively uninteresting, as it cannot be exploited via the Internet and this limits the number of vulnerable devices. It is also a "tethered jailbreak", ie a wired attack that requires a USB connection to a Mac or PC.

Recommendation: USB condom and detailed information

In a post from January this year I gave you the PortaPow data block USB adapter presented. This can also be called a USB condom for fun. Because when plugged between the charging cable of your iPhone and a (public) USB socket, the adapter prevents data transfer. The highlight: there are only contacts for the flow of current, i.e. for charging the battery. The contacts for data transmission have simply been left out, so that hackers, boot ROM and other attacks or read-out attempts come to nothing. Always a good thing at the train station, airport or other charging port. For Checkm8 you can find the "Trail of Bits Blog" detailed information.

Jen Kleinholz( Founder & Sir Apfelot )

Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.

Post a comment Cancel comment

Apple Music Classical: Available today on the App Store
That Apple has an iPhoneApp would release for streaming classical music has been known for a long time. The release was actually supposed to take place in 2022, but it was repeatedly postponed. As of today, Apple Music Classical can finally be downloaded from the iOS App Store. Use, including all available titles and playlists, is included in the Apple Music subscription. This costs €10,99 per month for regular bookings, and only €5,99 for students. The Voice subscription for €4,99 does not entitle you to use the new offer. You can find more details on this below.
From today you can download the Apple Music Classical app from the official store for iPhone programs. There are various suggestions, playlists and curated content, but also eras, genres, instruments and other categories for your own search. Here you get a first insight.

Apple Music Classical officially on the App Store starting today
Apple had announced more than two weeks agothat the new classic app should be available from today. Now, after a long wait, it is available really free of charge and with a small download of just 16,6 MB. At least iOS 15.4 or a more recent operating system is required on the iPhone or iPod touch. The individual pieces from what Apple calls "the world's largest classical music catalogue" are available in the best possible sound quality - i.e. in Hi-Res Lossless with up to 192 kHz / 24 bit. The individual tabs of the app, the various sorting options, search aids and playlists are designed to enable newcomers to classical music to familiarize themselves with this type of music.
First look at the classical music app on the iPhone
When you launch the Apple Music Classical app, the Listen Now tab already gives you a few suggestions for listening to specific albums or genres. Exclusive content is served up directly, which is accompanied by 3D audio Dolby Atmos can be enjoyed. If you still can't make up your mind, it's best to have a look around in the "Discover" tab first.
Using the app begins with the "Listen Now" tab, which directly suggests high-quality recordings. Suggestions are also made for exploring eras and genres of classical music.
In the "Discover" tab there are three sections "Catalog", "Playlists" and "Instruments". In the catalogue, you look around for specific composers, conductors, orchestras, soloists, ensembles, choirs, or for epochs and genres. So if you have heard of this group or person before, you can start here. Playlists have similar choices, but also offers for specific moods, curated playlists, and so on.
The "Discover" tab offers various options. You can browse the catalog, search for specific playlists, or discover classical music played on your favorite instrument.
The Instruments tab offers a selection of these musical instruments: Piano, Organ, Harpsichord, Cello, Violin, Viola, Gamba, Guitar, Lute, Double Bass, Harp, Trumpet, French Horn, Trombone, Clarinet, Oboe, Flute, Bassoon, Recorder, Saxophone and percussion/drums. Various voices are also performed: soprano, mezzo-soprano, countertenor, tenor and bass-baritone. Here you can search specifically for certain sounds and pitches.
In the Instruments section of the "Discover" tab, you can select a variety of musical tools. So you can quickly and easily find exactly those sounds and pitches that you want to listen to.
The "Library" tab in the Apple Music Classical app is very similar to that in Apple's Music app. There are also the categories Albums, Playlists, Tracks and Artists – as well as Recordings, Works and Composers. The last three make more sense here, of course, which is why they're a good addition to the Classics app. In the regular music app, there is instead a "Loaded" item for downloaded tracks.
In the media library, the stored content can be viewed well sorted and selected for playback. However, there is no "Loaded" point. Classical music can only be streamed in the new Apple app.

Apple wants to offer “the ultimate classic experience”.
In the description of the new offer in the iOS App Store the same is referred to as "the ultimate classic experience". This statement is not just in the room, but is substantiated with a few explanatory points. These are as follows:
- Get unlimited access to the world's largest classical music catalog (over 5 million titles), featuring everything from new releases to famous masterpieces. Also, it offers thousands of exclusive albums.
- Search by composer, work, conductor or even catalog number to find specific recordings instantly.
- Listen in the highest sound quality (Hi-Res Lossless with a maximum resolution of 192kHz/24bit) and enjoy thousands of recordings in impressive 3D audio with Dolby Atmos.
- Benefit from complete and accurate metadata so you know exactly what and who you're reflecting.
- Learn by listening with thousands of composer biographies, major work descriptions and more.
- Listen to music via AirPlay on compatible wireless devices.
Classical music cannot be downloaded
That all sounds good, but if you want to play classical music with the new app on the go or in places without Wi-Fi, you should know that none of the tracks, albums or playlists can be downloaded. The "Requirements" part of the app description states: "You must be connected to the internet to listen to music in Apple Music Classical."
You won't find the download option in this app.
Furthermore, the description of the app states that available content and functions may vary depending on the country or region. The app is also currently not available in China, Japan, Korea, Russia, Taiwan and Turkey. Whether you can use a VPN to get the app working while on vacation or any other trip to one of those countries, I don't know. What do you think of the new classic offering for the iPhone? Have you already listened? Please leave a comment with your opinion and your experiences!
Self-adhesive patches or bandages - my pick of the week
This time I have another tip that has nothing to do with Apple. I just take the liberty and use it Pick of the week for such recommendations.
Adhesive patches instead of sticky patches
But enough of the preamble: It's about self-adhesive patches that do not require any glue at all. In the doctor's office, things seem to go under the term "adhesive bandage". I discovered these things when I was looking for band aids on Amazon... Actually I wanted to have a piece of this kind where you can cut off band aids as big as you need them. But in the end I ordered something else, namely a plaster on a roll that sticks to itself and does not require any glue at all. However, the adhesive bandages have a few advantages and disadvantages, which I would like to mention here.
Health Press's self-adhesive patches are my pick of the week - and no, they didn't pay me anything... I just find them handy (Photos: Sir Apfelot).

Benefits
- You can make the patch as long as you need it and it is more adjustable than sticky patches.
- The patch has no areas that are only sticky and not for covering wounds.
- It's soft, yet it sticks to itself. So you don't have a rough area like you have with Velcro.
- It comes off the skin easily because it only sticks to itself and not to the skin. Therefore it is great for children.
- It can withstand hand washing (but it gets wet underneath).
- It lets more air through (if you just wrap it around once) than a regular patch.
Disadvantages
- You can't stick it on one area, it always has to be wrapped around something so that it gets caught by the pull on the corresponding part of the body. To attach such a patch to the chest, for example, you would have to wrap it around the chest once.
- Even though the product description says "waterproof", it doesn't absorb water like normal fabric because it has a waxed feel and repels water a little.
- The fabric is not very thick. If you put iodine on it, you have to wrap a few layers to keep it from going through.
- Once the plaster has been removed, it no longer sticks properly and you have to take a new one.
- If a wound is to be covered as "tightly" as possible, you may have to put something underneath it - but it will never be airtight or watertight.
I ordered the patches in 2,5 cm and 5 cm widths – I haven't used the 5 cm version yet, but I'm sure that will come.

Two widths available
The adhesive bandages I got are from Health Press. There is one 2,5 cm and one 5,0 cm wide, each with a length of 4,5 meters. Both are listed here:
- Health Press adhesive plasters 2,5 cm x 4,5 m (8 rolls)
- Health Press adhesive plasters 5,0 cm x 4,5 m (8 rolls)
5,00 EUR
Finger plaster self-adhesive - 8x plaster roll (2,5cm x 4,5m) - bandage self-adhesive -...

👍 FINGERPADS THAT CONVINCES: The fingertape is self-adhesive and can therefore be quickly removed in emergencies...
🙅‍♂️NO MORE TEARS WHEN PULLING OFF: The original Health Press finger plaster can be compared to ...
👨‍🔬 MEDICALLY CERTIFIED: The medically certified fixing bandage from Health Press was tested by DERMATEST ...
14,99 EUR −5,00 EUR 9,99 EUR
Buy it at Amazon Price includes VAT, plus shipping costs (updated: 26.03.2023 at 23: 41 clock)
Self-adhesive dressing - 8x plaster roll (5,0cm x 4,5m) - Original Health Press dressing material...

👍 SELF-ADHESIVE EFFECT: The fixing bandage is self-adhesive and easy to attach, so you can also ...
😇 PULL OFF PAINLESS: The original Health Press adhesive bandage can not only be removed painlessly, but ...
👨‍🔬 DERMATOLOGICALLY TESTED: The elastic bandage from Health Press is medically certified and has been ...
14,99 EUR
Buy it at Amazon Price includes VAT, plus shipping costs (updated: 26.03.2023 at 23: 41 clock)
I like to use these band-aids when I've torn my cuticles somewhere on a finger and it keeps getting stuck when you put your hands in your pockets. The plasters protect the areas well and they are not bulky. And you can make them just as long as you need them. Therefore, the price per plaster is not as high as with the sets that you usually get and from which you always need exactly the size that is currently used up.
I didn't have a wound, but I wrapped my finger for you - this is what the adhesive plaster looks like.

Summary
I hope you can do something with the recommendation and maybe stick – sorry, “stick” – things will soon also stick to your fingers, feet, arms and legs. For earlobes, forehead and buttocks they are not so good to use. 😊
Outlook for iOS 17: updates, bug fixes and wish list functions
Next June we will be part of the WWDC23 various new operating systems from Apple. Among them will be iOS 17 for the iPhone. However, this should be less extensive than iOS 16 last year. If this system brought new features such as customizable lock screens, background removal in photos, multi-stop routes in the Maps app, new security settings and the like, iOS 17 should primarily be an update with bug fixes and performance increases. Errors of the ambitious predecessor should be ironed out. At the same time, there should be a few small innovations that are on the wish list of users.
The new iOS 17 is said to have been planned for a while as a pure "Tuneup Release" for iOS 16. However, a few new functions are now interspersed, which are probably frequently addressed by users. There shouldn't be any major innovations like iOS 16.

iOS 17 is for the iPhone like Mac OS X 10.6 is for the Mac
For anyone who kept their Mac up to date in the 2000s, the comparison will certainly make sense: Apple released Mac OS X 2007 Leopard in 10.5. This introduced Boot Camp, Time Machine backups, the animated 3D Dock, Safari 3 and many other innovations. For the next two years, Apple was busy polishing it all up. And so, in 2009, Mac OS X 10.6 Snow Leopard came out—it had fewer major innovations, but it used less disk space and memory. Little extras included iCal support and QuickTime Player X (more details here). In 2022, iOS 16 brought major changes to the iPhone. And it has also been shown that some things still need fine-tuning. iOS 17 is to be presented as an update system in June 2023 and then published in autumn. According to Bloomberg journalist Mark Gurman, Apple discussed the term "Tuneup Release" because the operating system's performance is to be significantly increased. However, this was abandoned because it was decided to add a few new functions. This was based on the most frequently expressed wishes of the users. The system will probably be officially released with the release of the iPhone 15 series in September 2023.
Topic Compatibility: These iPhone models run iOS 16
Apple Mixed Reality Headset: Presentation rehearsed in front of the top executives
Last week it was at Apple Park's Steve Jobs Theater in Cupertino a gathering of the company's top 100 executives. This was before their annual trip to a resort in Carmel Valley, California. Bloomberg journalist Mark Gurman reports this in his current "Power On" newsletter. The meeting was intended to swear the senior Apple people on the upcoming release of the mixed reality headset. However, it should not have brought any exuberant hype, but also and above all a realistic view of the new Apple platform and the market.
Last week there were reportedly presentations and demonstrations of Apple's mixed reality headset in front of the company's top 100 executives. Their manner indicate an early presentation before the public.

The last Fight Club demo before launch?
Demonstrating Apple's mixed reality headset to the company's top 100 executives is said to have been no one-off thing. Since 2018, there has been an annual meeting of this kind, at which the current status of the headset is presented. These meetings, with demonstrations of the latest technology, shall be called the "Fight Club" demo - because the first rule of Fight Club is don't talk (publicly) about Fight Club. But this secrecy does not seem to be necessary for much longer. The Steve Jobs Theater as this year's meeting place as well as highly polished presentations during the event point to a timely launch. Mark Gurman writes in his newsletter that this year's demonstrations of the MR headset at Apple were more exciting and glamorous than previous years. The company should probably be prepared for a new chapter here. And now as quickly as possible.
Apple's new big platform: headsets for VR and AR
The trade press expects the public presentation in June, more precisely for the openingKeynote the WWDC23. You can read more about this here: When does WWDC23 take place and what will be presented? The headset, which can be used for virtual reality (VR) and augmented reality (AR), is intended to become Apple's new major platform, and thus a new sales market alongside Mac, iPhone, iPad and Apple Watch. The market launch could be similar to the watch. It might get off to a rocky start, but only over time would broader interest and system improvements and third-party apps result in a viable product. Accordingly, “only” one million units are to be sold in the first year, at around $3.000 each.
A weak market that still needs to be expanded
Apple is venturing into unsafe territory with the headset. Because from the Mac to the iPhone to the Apple Watch, earlier devices consisted of improvements to already known offers. With the Apple Watch, potential users had to be explained a bit more about the meaning of a rather expensive smartwatch – but thanks to the numerous health features, useful third-party apps and Apple's large fitness ecosystem, this has been successful. The new MR headset has to prove itself in a similar way. Here you can't build on the experience of cheaper products with many (like the watch with other fitness watches). Here a market has to be pushed that is still developing for larger sales. It takes strong reasons why people should want an Apple headset. In addition to gaming and some health and research areas, something more is needed - something for everyday life.
The current status: criticism of hardware and software
The Apple MR headset will certainly be technically at a high level. The screen quality, eye and hand tracking and many other expected features will certainly not be bad either. Nevertheless, the possible innovations are overshadowed by rather negative impressions in advance. At the above-mentioned meeting last week, the following combination is said to have been viewed rather critically: a price of $3.000, no really outstanding app, an external battery that has to be replaced or charged every few hours, and a design that is probably from was found uncomfortable by some testers. Overall not too good starting conditions, but room for improvement. That at least gives hope for the next versions.
Conclusion: Not a sprint, but a marathon
The Apple Watch was not a complete success at first either. It started with a confusing interface, with rather mediocre apps, an average processor and no fixed area of application. But over time, with tech improvements, a greater focus on fitness and health, and better apps, the watch became a hit. A similar marathon (with the explanation of the necessity of the device as an extra mile) must also be put down by Apple's MR headset. Unless a niche market emerges that only Apple can play, it will take some time before the headset finds a permanent place in Apple's profit mix alongside the iPhone, Mac, iPad, watch and services. What do you say to that? Please leave a comment!
Podcast episode #001 – week 12/2023
Here you can find episode #001 of the Sir Apfelot newsreel podcast, which covers the news of calendar week 12/2023. This time it's about apps, game controllers, new versions of iOS and watchOS, AI tools, mass layoffs, a privacy gap in Windows and Android and much more. We hope you enjoy the new episode and look forward to your comments!

Podcast episode content

New blog posts
News in the newsreel blog post
- AI tools at Google, Microsoft, Opera and Adobe
- AI image generation in Bing
- Project Firefly by Adobe
- Layoffs at Amazon
- Privacy issues with screenshots from Google Pixel smartphones and Windows 10 and 11 PCs
- Media library merging for public broadcasters
- alternative app store for Xbox games from Microsoft
- Apple patent on NFC watch straps
- Apple Music makes playlists disappear and they appear on other users
- iOS 16.4 and watchOS 9.4
- Bye Bye
- read all this news with sources in the weekly newsreel KW 12/2023
Unfortunately, the first episode is not yet available on Apple Podcasts, but you can find it on Amazon Music, Spotify and a few other podcast directories. I'll add the link to Apple Podcasts here once we're up there and live.

What do the suction force values Pa, kPa or AW mean for ... I often write test reports on vacuum robots, cordless vacuum cleaners or normal mains-operated cylinder vacuum cleaners. In this context, I usually also study the technical data ...
[Updates!] Even more returns scam: Is… About a month ago I asked the question Is retouren-produkte-retten.de a scam? placed. Because the site not only drew a lot of advertising on YouTube, but...
Gamer names - the best in this big list Gamer names are very important to create a memorable and unique identity. They should be memorable and related to the game you are playing...
Hay Day names - my 25 nicknames and practical tips One of the most popular mobile games, Hay Day allows players to manage and maintain their own farm. An important part of the game...
iPhone photos – store location as recording location… For photos and videos, the Apple iPhone's camera app can save the current location as the recording location in the file. But what does this information bring and…

Don't panic: Checkm8 vulnerability for jailbreaking iPhones 2011 - 2017

Checkm8 Boot-ROM exploit requires USB connection

Recommendation: USB condom and detailed information

Related Articles

Post a comment Cancel comment

sir appleot

Specials

Shopping