The Unpatchable Checkra1n Exploit

Today, the “unpatchable” jailbreak known as  Checkra1n (Device Compatibility) was officially released and generally available. Checkra1n is unprecedented in potential impact with millions of devices at risk as a result of the extensive device and iOS targets. While this should concern anyone using any of the targeted devices or iOS versions, those using Zimperium’s zIPS and zIAP solutions have detection and remediation without any modifications or update to the product.  

Let’s take a look at Zimperium zIPS in action using the latest Apple App Store version of zIPS, v4.11, and using an iDevice installed with iOS 13.1.3.  It’s noteworthy to mention that even a device with the latest iOS 13.2.2 is equally vulnerable.

Below are the Threat Log details and forensics for each of the reported threat events. 

You can see how the Zimperium’s zIPS application provided comprehensive on-device threat detection and forensics coverage of the checkra1n exploit/jailbreak (see Table 1). 

Because Checkra1n leverages an unpatchable vulnerability in the BootROM, the only way to mitigate this threat entirely is by upgrading devices to an iPhone XR or more recent which is not practical or immediately possible for most people. Zimperium zIPS and zIAP products provide enterprises and government organizations visibility and protection before devices are compromised or sensitive information is stolen.   

For more information on our mobile threat defense solutions, contact us here.

The post The Unpatchable Checkra1n Exploit appeared first on Zimperium Mobile Security Blog.

Article Link: https://blog.zimperium.com/the-unpatchable-checkra1n-exploit/