iOS 13.3 has a problem that puts even the Apple company in difficulty, and that's because we're talking about something that exceeds the security restrictions that the American company has imposed so far.
We are talking about a very serious problem of iOS 13.3 that Apple has not foreseen until now, but which allows the extraction of data from its iDevices, regardless of the conditions under which everything is done.
iOS 13.3 can be exploited using the checkm8 bootrom exploit, and thanks to it, data can be extracted from iDevices even in a state of use where the devices should be completely secured even if they are jailbroken.
We are talking about a state of use called BFU, Before First Unlock, that is, when a phone that has been closed, or restarted, has not been unlocked by the user, and remains in the state in which it is blocked, it displays the lockscreen, but it has not been unlocked yet.
iOS 13.3 should have all data in iDevices encrypted and secured in this state, but a Russian IT security company discovered that if it jailbreaks with checkm8 beforehand, it can bypass Apple's security measures.
"Some data containing authentication credentials for email accounts and a series of authentication tokens is available before the iPhone is unlocked, so before the user enters the password. Accessing the terminal in BFU mode requires installing the checkra1n jailbreak that targets vulnerabilities in Apple's bootrom. The jailbreak is installed via DFU mode and is available to all compatible devices regardless of their jailbreak or BFU / AFU status.”
The type of data that can be extracted is quite limited, but the simple fact that iOS 13.3 is vulnerable to this type of exploitation is the main problem, and apparently, Apple did not foresee such a problem.
iOS 13.3 can be jailbroken with the checkra1n solution, based on checkm8, even when the iDevices are locked, so the problem cannot be removed, especially since bootrom exploits allow jailbreaking in any version of iOS.
Apple doesn't really have a way to protect data from iDevices, and since all devices from the iPhone 5S to the iPhone X are vulnerable, Americans will have a lot of explaining to do about what's happening.
iOS 13.3 should not be able to have the problem solved by Apple in one way or another, so it remains to be seen what the Americans will say about this very dangerous situation.
