It’s just a couple of weeks or so since a vulnerability was discovered in millions of older iPhones and iPads.
The Checkm8 iPhone boot ROM exploit allows anyone which physical access to your iPhone to jailbreak it within seconds.
And because the exploit takes advantage of a vulnerability in the iPhone’s secure boot ROM – a hardware area of the phone which cannot be changed through a software update – Apple aren’t able to roll out a patch for it.
Boffins at Cisco Talos are now warning that someone has created a website that promises to let owners jailbreak their iPhones using the Checkm8 exploit, but actually installs apps with the intention of earning click-fraud revenue for fraudsters. Apps installed through the process can include a slot machine game called PopSlots.
The website in question is called checkrain[.]com (I wouldn’t recommend going there), and poses as a project from the jailbreaking community called checkra1n (note the “1” in the name).
The bogus site encourages users to install a malicious configuration file.
In a YouTube video, a Cisco Talos researcher demonstrates what happens if you visit the bogus website and follow its instructions, believing your iPhone will be jailbroken.[embedded content]As the researchers explain in their ..