The wait for an iOS & iPadOS 15 jailbreak continues, even after Apple officially released iOS 16.0 to the general public this week. Having said that, we’d completely understand your anticipation for a status update, and that’s what we intend to provide in today’s piece.
iOS & iPadOS 15 jailbreaks are under development
The Odyssey Team’s upcoming rootless Cheyote jailbreak for iOS & iPadOS 15.0-15.1.1 is the one that has received arguably the most attention over the past several months, and for good reason. The team is generally pretty good in terms of releasing current jailbreaks and maintaining them for months to come.
However, project lead developer CoolStar, clearly frustrated with the slew of impatient comments and criticism being received on message boards and on social media, has shared a number of controversial status updates in the past several weeks, ranging from the idea of charging for a jailbreak release to intentionally postponing progress on completion; the latest Tweet from CoolStar, just this morning, reaffirms the latter:
Other members of the Sileo & Odyssey Team Discord channel have walked back some of those comments several times in recent memory. Those members have had to mediate between a frustrated CoolStar and an increasingly impatient public who have watched the calendar pages flip month after month without a jailbreak on the device they’ve deliberately kept on iOS 15.0-15.1.1.
CoolStar had originally said that Cheyote would be her last jailbreak release, and that seems more and more like it’s going to be the case. CoolStar has found a more lucrative home in the ChromeOS community, where she is currently developing mods for the platform, and this has contributed to the delays we are witnessing with Cheyote.
While the Odyssey Team hasn’t published a concrete ETA for the Cheyote jailbreak, we do know from a relatively recent status update that much of the holdup has to do with migrating Theos, a utility that developers use to make jailbreak tweaks, to the libhooker dynamic. This effort is taking some time, but afterwards, the first developers will receive a closed beta of Cheyote to test.
We have also been closely monitoring the checkra1n Team; however, they have been much less vocal about their progress. In fact, the most recent status update we have from them came in December of 2021 and indicated that team member Siguza was looking to create a new volume to populate with any jailbreak content that couldn’t be bind-mounted, now that union mounts were no longer possible on iOS & iPadOS 15.
While status updates have certainly been scarce from the checkra1n Team, that doesn’t mean that nobody is working on it. In fact, a quick glance over at the GitHub page shows that Siguza is actively tweaking the code, even if just little by little:
The last time I emailed with Siguza, he wanted me to stress that this project wouldn’t be ready anytime soon. He is a man of his word. There is currently no ETA for checkra1n to support iOS or iPadOS 15, and we don’t even know which version(s) of iOS & iPadOS 15 that it will support. What we do know, however, is that it will only work with devices sporting an A7-A11 chip, as checkra1n uses the hardware-based checkm8 bootrom exploit.
Another new contender in the race to develop an iOS & iPadOS 15 jailbreak is Blizzard developer geosn0w. He appears to be attempting to develop his first iOS & iPadOS 15 jailbreak based on the checkm8 bootrom exploit, which means that like checkra1n, it would only be capable of jailbreaking A7-A11 devices up to and including the iPhone X.
While geosn0w’s portfolio only currently contains a tool intended for iOS 9 devices, he has reasonably acknowledged that he doesn’t know if he will have the skillset to complete an iOS & iPadOS 15 jailbreak. Still, he intends to try anyway. iOS & iPadOS 15 have far more security countermeasures against jailbreaking than iOS 9 does, and this is part of the reason why we don’t have any jailbreaks for this firmware yet.
Given the complexities that come with jailbreaking iOS & iPadOS 15, geosn0w has not provided an ETA for or even a guarantee that his jailbreak would be released. In fact, it’s very much experimental. Much like CoolStar, geosn0w is making an effort to post a running list of what needs to be done to complete the jailbreak, with baby steps surfacing over time.
And saving what has the very real potential to be the best for last, iDB believes it is especially important to mention Linus Henze, the security researcher behind the Fugu14 untether that was famously bundled with the unc0ver jailbreak via AltStore to add support for A12-A14 devices running iOS & iPadOS 14.4-14.5.1.
As you might recall from one of our posts earlier this year, Henze plans to give a talk at the Objective by the Sea conference next month in which he plans to unveil how it’s possible to jailbreak iOS & iPadOS 15.4.1 despite all the latest security mitigations. Henze will discuss all the vulnerabilities exploited in the Fugu15 chain and how many of the security mitigations can be bypassed.
But perhaps more interestingly, Henze says that he will demo an “interesting and uncommon” way of installing Fugu15 on a device.
It remains to be seen whether Henze plans to release Fugu15, or even whether he will collaborate with unc0ver Team lead developer pwn20wnd again, but given the new install methodology and the fact that it bypasses many of the security mechanisms that jailbreak developers are struggling with today, we think this has the potential to be a huge talk that could impact iOS & iPadOS 15 jailbreaking for the better, and we just can’t wait to see what becomes of it.
There has been no mention of pwn20wnd working on the unc0ver jailbreak for iOS & iPadOS 15, but it will be interesting to see whether it gets any of the juicy support from the Fugu15 work discussed above.
Honorable Mention: TrollStore
TrollStore, originally introduced by iOS developer opa334, is a perma-signing utility for iOS & iPadOS 14.0-15.1.1. With it, you can permanently install any .ipa (iPhone application) file via an exploit instead of using traditional sideloading methods such as AltStore or Sideloadly, which force you to re-sign those apps every seven or 365 days (depending on whether you have a free or paid Apple developer account to sign them with).
TrollStore is far from a jailbreak, but its compatibility with iOS & iPadOS 15.0-15.1.1 is huge. This means users can install modified apps on their device that can do things you would otherwise only be able to do on a jailbroken device. In fact, some developers are already converting their jailbreak tweaks into sideloadable files so that you can do just that – see Legizmo Kincaid.
What’s more, opa334 thinks he can expand support beyond iOS & iPadOS 15.1.1 after Linus Henze releases Fugu15.
So even though TrollStore isn’t a jailbreak, it’s based on an exploit and lets you change the behavior of your device through modified apps, and that’s why we suggest messing around with it if you’re getting impatient waiting for your iOS & iPadOS 15 jailbreak to drop!
All the above boils down to the same thing we’ve been reiterating in almost every jailbreak-related post to date: there’s no ETA for an iOS & iPadOS 15 jailbreak, but work is underway to bring one to the public.
More importantly, it’s best to stay on the lowest possible firmware because Apple is continuously adding security patches in every update, sometimes cleverly disguised as “new feature” updates, and these close the vulnerabilities used for jailbreaking.
When the first iOS & iPadOS 15 jailbreak does finally drop, we expect that most teams will shift their focus to iOS & iPadOS 16 to begin the latest saga in attempting to crack Apple’s mobile operating system. But don’t expect anything any time soon.