Developer Releases Unpatchable Jailbreak Exploit For Older iOS Devices
The developer of ipwndfu, an open source jailbreaking application for older iOS devices, announced a "permanent unpatchable bootrom exploit" that works against hundreds of millions of iOS devices. All iPhones starting with the 4S generation and ending with the iPhone X are vulnerable. Similarly, all iPads that use chips from A5 to A11 are affected by the exploit.
According to the ipwndfu developer, who goes by the handle @axi0mX on Twitter, there hasn't been a public bootrom exploit for iOS since the iPhone 4 came out in 2010. The developer also noted that this is the biggest news in the iOS jailbreaking community in years.
The reason is not just that the exploit affects multiple iOS device generations, but also that Apple can't fix an exploit in the bootrom without a new hardware revision.
The bootrom, called SecureROM by Apple, is read-only precisely so that it can't suffer third-party modifications. However, that means Apple can't update it via an iOS update either. Being read-only protects the bootrom's code from being changed, but it does not make that code free of bugs: no piece of software is ever perfect, so eventually someone finds a flaw in it and exploits it.
The developer noted that what he's releasing today is not a full jailbreak, but only the exploit for the bootrom. He said you would still need additional hardware and software to jailbreak the devices, but he's hopeful someone else will discover a method that doesn't require that additional hardware and software.
The developer was able to find the vulnerability in the bootrom after Apple patched a critical use-after-free bug in an iOS 12 beta in the summer of 2018. He believes that others likely noticed the other bugs this patch drew attention to, but they may not have made those public.
Exploits that enable jailbreaking of iOS devices take advantage of security vulnerabilities that malicious parties could use, too, similar to how rooting works on Android devices. This is why both Apple and Google play a constant game of cat-and-mouse with the jailbreaking/rooting communities. In this case, however, Apple cannot update the existing devices to fix the flaw, so we may see the jailbreaking community grow in numbers over the next few years.