{"id":11230,"date":"2019-10-08T06:00:55","date_gmt":"2019-10-08T13:00:55","guid":{"rendered":"https:\/\/www.zubairalexander.com\/stage\/?p=11230"},"modified":"2019-12-06T16:31:18","modified_gmt":"2019-12-06T23:31:18","slug":"bootrom-vulnerability-in-apples-ios-allows-compromise-of-iphones-and-ipads","status":"publish","type":"post","link":"https:\/\/www.zubairalexander.com\/blog\/bootrom-vulnerability-in-apples-ios-allows-compromise-of-iphones-and-ipads\/","title":{"rendered":"Bootrom Vulnerability in Apple&#8217;s iOS Allows Compromise of iPhones and iPads"},"content":{"rendered":"<p style=\"margin: 0in; font-family: Calibri; font-size: 12.0pt;\"><button id=\"listenButton1\" class=\"responsivevoice-button\" type=\"button\" value=\"Play\" title=\"ResponsiveVoice Tap to Start\/Stop Speech\"><span>&#128266; Listen to Post<\/span><\/button>\n        <script>\n            listenButton1.onclick = function(){\n                if(responsiveVoice.isPlaying()){\n                    responsiveVoice.cancel();\n                }else{\n                    responsiveVoice.speak(\"Last week MalwareBytes Labs reported that an Apple iOS researcher has released an exploit called checkm8 (pronounced \\\"checkmate\\\"). Because the vulnerability is in the Read-Only Memory (ROM) chip, or bootrom, it makes it really dangerous. A ROM chip is read-only so it can\\'t be changed. Obviously, discovering a bug in bootrom, the code that\\'s loaded during the startup, is a serious concern to the security professionals. Which Apple Devices are Vulnerable? The code that can be used to take advantage of the bug is posted on GitHub and anyone can utilize it. According to Malware Labs, the following Apple devices can be exploited by checkm8. Phones from the 4s up to the iPhone X iPads from the 2 up to the 7th generation iPad Mini 2 and 3 iPad Air 1st and 2nd generation iPad Pro 10.5-inch and 12.9-inch 2nd generation Apple Watch Series 1, Series 2, and Series 3 Apple TV 3rd generation and 4k iPod Touch 5th generation to 7th generation Which Apple Devices are Safe? People who have newer Apple devices, such as Apple\\'s A12 and later chips are not vulnerable to checkm8. These devices include the new iPhone X, XR, 11 and the 3rd generation iPad Pros. Should You Be Worried? To better understand the potential dangers, you should read the entire article by MalwareBytes Labs because it explains in more detail the conditions under which your device may be vulnerable. The bootrom vulnerability is very different than the software vulnerabilities that we often talk about. Therefore, it\\'s best that you read the article and understand what you are up against. Sometimes the headlines can sound scarier than they really are and other times just the opposite is true. Apple\\'s security, just like other vendors, has taken some hits in the recent years because it\\'s devices and operating systems have not been as secure as they were in the past. Having said that, it doesn\\'t appear that you need to panic or upgrade your older devices to one of the newer devices mentioned above today. Although the potential vulnerability is in the hardware and you would have to upgrade your device to address the issue, there haven\\'t been reports of a major problem that should cause you immediate concern. When you are ready to upgrade your device for whatever reason, consider upgrading to an iOS device that\\'s safe from the vulnerability. Pros and Cons of Apple Devices Apple products are generally based on a closed architecture. This is an advantage and a drawback at the same time. For example, MacOS is a UNIX-based OS and is more secure than a Windows-based PC because of it\\'s sandboxing feature, which prevents exploits from spreading easily across the entire system. This is an advantage of owning an Apple device. However, when there is a security bug or flaw in an Apple product, users often have to rely solely on a solution from Apple. Unlike Windows and Android devices, you can\\'t use registry hacks, rooting, and other techniques published by users on the Internet to secure your system, even if you are logged in as an administrator. That\\'s a drawback of owning an Apple device. If Apple doesn\\'t release a security patch quickly then you don\\'t have much choices to protect yourself. This doesn\\'t mean that PC or Android devices are necessarily safer than Apple devices. It simply means that they can often be patched quickly. Because a vast majority of computers in the world are PCs, they are a much more attractive target for the hackers. As Apple products are becoming more popular, Apple users are also becoming more vulnerable to cyberattacks. There are pros and cons of owning Macs and iOS devices, just like there are pros and cons of owning Windows and Android devices. To secure your devices, make sure they are configured for automatic updates and are running anti-malware software. Can Macs & iOS Devices Get Viruses? Have you ever heard from someone that MacOS or iOS can\\'t get viruses? I don\\'t know who started the rumor, but all I can tell you is that Apple\\'s Mac desktops and mobile devices (iPhones\/iPads) are also vulnerable to exploits, just like Windows PCs and Android mobile devices. That\\'s why dozens of software vendors offer antivirus software for Macs. According to MacWorld, \\\"Plenty of Mac aficionados will tell you that Apple computers are inherently secure and don\\'t require protection. We\\'d argue that they are wrong - or overconfident, at least.\\\" Here\\'s a list of The best Mac antivirus of 2019 and the 12+ Best Antivirus Apps for iPhone and iPad. In addition to the paid versions, for home use you can also install one of the following FREE Mac antivirus suggested by the PC Magazine. Obviously, the paid versions will give you more options, but some of the free versions are also pretty good. Sophos Home Free (for Mac) Avira Free\u00a0 Antivirus for Mac Avast Security (for Mac) AVG Antivirus for Mac Additional Reading Check out this Ars Technica article for more information on checkm8 exploit. Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit ZubairAlexander.com for information on my professional background. Copyright \u00a9 2019 SeattlePro Enterprises, LLC. All rights reserved.\", \"US English Male\");\n                }\n            };\n        <\/script>\n    <\/p>\n<p>Last week <a href=\"https:\/\/blog.malwarebytes.com\/mac\/2019\/09\/new-ios-exploit-checkm8-allows-permanent-compromise-of-iphones\/\" target=\"_blank\" rel=\"noopener noreferrer\">MalwareBytes Labs<\/a> reported that an Apple iOS researcher has released an exploit called checkm8 (pronounced &#8220;checkmate&#8221;). Because the vulnerability is in the Read-Only Memory (ROM) chip, or bootrom, it makes it really dangerous. A ROM chip is read-only so it can&#8217;t be changed. Obviously, discovering a bug in bootrom, the code that&#8217;s loaded during the startup, is a serious concern to the security professionals.<\/p>\n<h4><strong>Which Apple Devices are Vulnerable?<\/strong><\/h4>\n<p>The code that can be used to take advantage of the bug is posted on GitHub and anyone can utilize it. According to Malware Labs, the following Apple devices can be exploited by checkm8.<\/p>\n<ul>\n<li>Phones from the 4s up to the iPhone X<\/li>\n<li>iPads from the 2 up to the 7th generation<\/li>\n<li>iPad Mini 2 and 3<\/li>\n<li>iPad Air 1st and 2nd generation<\/li>\n<li>iPad Pro 10.5-inch and 12.9-inch 2nd generation<\/li>\n<li>Apple Watch Series 1, Series 2, and Series 3<\/li>\n<li>Apple TV 3rd generation and 4k<\/li>\n<li>iPod Touch 5th generation to 7th generation<\/li>\n<\/ul>\n<h4><strong>Which Apple Devices are Safe?<\/strong><\/h4>\n<p>People who have newer Apple devices, such as Apple&#8217;s A12 and later chips are not vulnerable to checkm8. These devices include the new iPhone X, XR, 11 and the 3rd generation iPad Pros.<\/p>\n<h4><strong>Should You Be Worried?<\/strong><\/h4>\n<p>To better understand the potential dangers, you should read the entire article by <a href=\"https:\/\/blog.malwarebytes.com\/mac\/2019\/09\/new-ios-exploit-checkm8-allows-permanent-compromise-of-iphones\/\" target=\"_blank\" rel=\"noopener noreferrer\">MalwareBytes Labs<\/a> because it explains in more detail the conditions under which your device may be vulnerable. The bootrom vulnerability is very different than the software vulnerabilities that we often talk about. Therefore, it&#8217;s best that you read the article and understand what you are up against. Sometimes the headlines can sound scarier than they really are and other times just the opposite is true.<\/p>\n<p>Apple&#8217;s security, just like other vendors, has taken some hits in the recent years because it&#8217;s devices and operating systems have not been as secure as they were in the past. Having said that, it doesn&#8217;t appear that you need to panic or upgrade your older devices to one of the newer devices mentioned above today. Although the potential vulnerability is in the hardware and you would have to upgrade your device to address the issue, there haven&#8217;t been reports of a major problem that should cause you immediate concern. When you are ready to upgrade your device for whatever reason, consider upgrading to an iOS device that&#8217;s safe from the vulnerability.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-large wp-image-11231\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2019\/10\/Apple-Mac-1920x1275-1024x680.jpg\" alt=\"Apple Macintosh\" width=\"1024\" height=\"680\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2019\/10\/Apple-Mac-1920x1275-1024x680.jpg 1024w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2019\/10\/Apple-Mac-1920x1275-300x199.jpg 300w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2019\/10\/Apple-Mac-1920x1275-768x510.jpg 768w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2019\/10\/Apple-Mac-1920x1275.jpg 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h4><strong>Pros and Cons of Apple Devices<\/strong><\/h4>\n<p>Apple products are generally based on a closed architecture. This is an advantage and a drawback at the same time. For example, MacOS is a UNIX-based OS and is more secure than a Windows-based PC because of it&#8217;s sandboxing feature, which prevents exploits from spreading easily across the entire system. This is an advantage of owning an Apple device. However, when there is a security bug or flaw in an Apple product, users often have to rely solely on a solution from Apple. Unlike Windows and Android devices, you can&#8217;t use registry hacks, rooting, and other techniques published by users on the Internet to secure your system, even if you are logged in as an administrator. That&#8217;s a drawback of owning an Apple device. If Apple doesn&#8217;t release a security patch quickly then you don&#8217;t have much choices to protect yourself. This doesn&#8217;t mean that PC or Android devices are necessarily safer than Apple devices. It simply means that they can often be patched quickly. Because a vast majority of computers in the world are PCs, they are a much more attractive target for the hackers. As Apple products are becoming more popular, Apple users are also becoming more vulnerable to cyberattacks.<\/p>\n<table>\n<tbody>\n<tr>\n<td style=\"background-color: #f0f0f0; text-align: left; vertical-align: top;\"><span style=\"font-size: 18pt;\">There are pros and cons of owning Macs and iOS devices, just like there are pros and cons of owning Windows and Android devices. To secure your devices, make sure they are configured for automatic updates and are running anti-malware software.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><img decoding=\"async\" class=\"alignnone size-large wp-image-11232\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2019\/10\/iPhone_X_1920x1056-1024x563.jpg\" alt=\"iPhone X\" width=\"1024\" height=\"563\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2019\/10\/iPhone_X_1920x1056-1024x563.jpg 1024w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2019\/10\/iPhone_X_1920x1056-300x165.jpg 300w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2019\/10\/iPhone_X_1920x1056-768x422.jpg 768w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2019\/10\/iPhone_X_1920x1056.jpg 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h4><strong>Can Macs &amp; iOS Devices Get Viruses?<\/strong><\/h4>\n<p>Have you ever heard from someone that MacOS or iOS can&#8217;t get viruses? I don&#8217;t know who started the rumor, but all I can tell you is that Apple&#8217;s Mac desktops and mobile devices (iPhones\/iPads) are also vulnerable to exploits, just like Windows PCs and Android mobile devices. That&#8217;s why dozens of software vendors offer antivirus software for Macs.<\/p>\n<table>\n<tbody>\n<tr>\n<td style=\"background-color: #f0f0f0; text-align: left; vertical-align: top;\"><span style=\"font-size: 16pt;\">According to <a href=\"https:\/\/www.macworld.co.uk\/feature\/mac-software\/mac-antivirus-3672182\/\" target=\"_blank\" rel=\"noopener noreferrer\">MacWorld<\/a>, &#8220;Plenty of Mac aficionados will tell you that Apple computers are inherently secure and don&#8217;t require protection. We&#8217;d argue that they are wrong &#8211; or overconfident, at least.&#8221;<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Here&#8217;s a list of <a href=\"https:\/\/www.macworld.co.uk\/feature\/mac-software\/mac-antivirus-3672182\/\" target=\"_blank\" rel=\"noopener noreferrer\">The best Mac antivirus of 2019<\/a> and the <a href=\"https:\/\/www.mactip.net\/best-antivirus-apps-for-iphone-and-ipad\/\" target=\"_blank\" rel=\"noopener noreferrer\">12+ Best Antivirus Apps for iPhone and iPad<\/a>. In addition to the paid versions, for home use you can also install one of the following FREE Mac antivirus suggested by the <a href=\"https:\/\/www.pcmag.com\/roundup\/355173\/the-best-mac-antivirus-protection\" target=\"_blank\" rel=\"noopener noreferrer\">PC Magazine<\/a>. Obviously, the paid versions will give you more options, but some of the free versions are also pretty good.<\/p>\n<ol>\n<li>Sophos Home Free (for Mac)<\/li>\n<li>Avira Free\u00a0 Antivirus for Mac<\/li>\n<li>Avast Security (for Mac)<\/li>\n<li>AVG Antivirus for Mac<\/li>\n<\/ol>\n<h4><strong>Additional Reading<\/strong><\/h4>\n<p>Check out this <a href=\"https:\/\/arstechnica.com\/information-technology\/2019\/09\/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ars Technica<\/a> article for more information on checkm8 exploit.<\/p>\n<table>\n<tbody>\n<tr>\n<td style=\"background-color: #e3e3e3; text-align: left;\">Thanks for reading my article. If you are interested in IT training &amp; consulting services, please reach out to me. Visit <a href=\"https:\/\/www.zubairalexander.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">ZubairAlexander.com<\/a> for information on my professional background.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<p><span style=\"font-size: xx-small; font-family: Verdana;\">Copyright \u00a9 2019 <a href=\"https:\/\/www.seattlepro.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">SeattlePro Enterprises, LLC<\/a>. All rights reserved.<br \/>\n<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last week MalwareBytes Labs reported that an Apple iOS researcher has released an exploit called checkm8 (pronounced &#8220;checkmate&#8221;). Because the vulnerability is in the Read-Only Memory (ROM) chip, or bootrom, it makes it really dangerous. A ROM chip is read-only so it can&#8217;t be changed. Obviously, discovering a bug in bootrom, the code that&#8217;s loaded [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":7573,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[9,43,83,24,47],"tags":[],"class_list":["post-11230","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-applemcintosh","category-articles","category-bugs","category-security","category-wirelessmobile"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2017\/03\/Apple.jpg","_links":{"self":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/posts\/11230","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/comments?post=11230"}],"version-history":[{"count":0,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/posts\/11230\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/media\/7573"}],"wp:attachment":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/media?parent=11230"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/categories?post=11230"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/tags?post=11230"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}