Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

Bootrom Vulnerability in Apple’s iOS Allows Compromise of iPhones and iPads


Last week MalwareBytes Labs reported that an Apple iOS researcher has released an exploit called checkm8 (pronounced “checkmate”). Because the vulnerability is in the Read-Only Memory (ROM) chip, or bootrom, it makes it really dangerous. A ROM chip is read-only so it can’t be changed. Obviously, discovering a bug in bootrom, the code that’s loaded during the startup, is a serious concern to the security professionals.

Which Apple Devices are Vulnerable?

The code that can be used to take advantage of the bug is posted on GitHub and anyone can utilize it. According to Malware Labs, the following Apple devices can be exploited by checkm8.

  • Phones from the 4s up to the iPhone X
  • iPads from the 2 up to the 7th generation
  • iPad Mini 2 and 3
  • iPad Air 1st and 2nd generation
  • iPad Pro 10.5-inch and 12.9-inch 2nd generation
  • Apple Watch Series 1, Series 2, and Series 3
  • Apple TV 3rd generation and 4k
  • iPod Touch 5th generation to 7th generation

Which Apple Devices are Safe?

People who have newer Apple devices, such as Apple’s A12 and later chips are not vulnerable to checkm8. These devices include the new iPhone X, XR, 11 and the 3rd generation iPad Pros.

Should You Be Worried?

To better understand the potential dangers, you should read the entire article by MalwareBytes Labs because it explains in more detail the conditions under which your device may be vulnerable. The bootrom vulnerability is very different than the software vulnerabilities that we often talk about. Therefore, it’s best that you read the article and understand what you are up against. Sometimes the headlines can sound scarier than they really are and other times just the opposite is true.

Apple’s security, just like other vendors, has taken some hits in the recent years because it’s devices and operating systems have not been as secure as they were in the past. Having said that, it doesn’t appear that you need to panic or upgrade your older devices to one of the newer devices mentioned above today. Although the potential vulnerability is in the hardware and you would have to upgrade your device to address the issue, there haven’t been reports of a major problem that should cause you immediate concern. When you are ready to upgrade your device for whatever reason, consider upgrading to an iOS device that’s safe from the vulnerability.

Apple Macintosh

Pros and Cons of Apple Devices

Apple products are generally based on a closed architecture. This is an advantage and a drawback at the same time. For example, MacOS is a UNIX-based OS and is more secure than a Windows-based PC because of it’s sandboxing feature, which prevents exploits from spreading easily across the entire system. This is an advantage of owning an Apple device. However, when there is a security bug or flaw in an Apple product, users often have to rely solely on a solution from Apple. Unlike Windows and Android devices, you can’t use registry hacks, rooting, and other techniques published by users on the Internet to secure your system, even if you are logged in as an administrator. That’s a drawback of owning an Apple device. If Apple doesn’t release a security patch quickly then you don’t have much choices to protect yourself. This doesn’t mean that PC or Android devices are necessarily safer than Apple devices. It simply means that they can often be patched quickly. Because a vast majority of computers in the world are PCs, they are a much more attractive target for the hackers. As Apple products are becoming more popular, Apple users are also becoming more vulnerable to cyberattacks.

There are pros and cons of owning Macs and iOS devices, just like there are pros and cons of owning Windows and Android devices. To secure your devices, make sure they are configured for automatic updates and are running anti-malware software.

iPhone X

Can Macs & iOS Devices Get Viruses?

Have you ever heard from someone that MacOS or iOS can’t get viruses? I don’t know who started the rumor, but all I can tell you is that Apple’s Mac desktops and mobile devices (iPhones/iPads) are also vulnerable to exploits, just like Windows PCs and Android mobile devices. That’s why dozens of software vendors offer antivirus software for Macs.

According to MacWorld, “Plenty of Mac aficionados will tell you that Apple computers are inherently secure and don’t require protection. We’d argue that they are wrong – or overconfident, at least.”

Here’s a list of The best Mac antivirus of 2019 and the 12+ Best Antivirus Apps for iPhone and iPad. In addition to the paid versions, for home use you can also install one of the following FREE Mac antivirus suggested by the PC Magazine. Obviously, the paid versions will give you more options, but some of the free versions are also pretty good.

  1. Sophos Home Free (for Mac)
  2. Avira Free  Antivirus for Mac
  3. Avast Security (for Mac)
  4. AVG Antivirus for Mac

Additional Reading

Check out this Ars Technica article for more information on checkm8 exploit.

Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit for information on my professional background.

Copyright © 2019 SeattlePro Enterprises, LLC. All rights reserved.

  • Facebook
  • Twitter
  • Linkedin

Leave a Comment

Your email address will not be published. Required fields are marked *

This div height required for enabling the sticky sidebar