It looks like iOS & iPadOS 16 support could be coming to the checkm8 bootrom exploit-based palera1n jailbreak a lot sooner than originally anticipated.
Successful tfp0 (kernel task port) has been achieved and demonstrated on a compatible handset running iOS 16.1.1 by Reddit user guacaplushy this week, and was later echoed by palera1n team member @bestdevelopr on Twitter.
In a private message, @bestdevelopr confirmed that the device was an iPad (6th generation) running iPadOS 16.1.1.
The tfp0 achievement means that reading and writing to the kernel memory is now possible on iOS & iPadOS 16, but only on checkm8-vulnerable devices. It can work in tandem with the checkm8 exploit to provide a fully-functioning semi-tethered jailbreak, however most devices that will take advantage of it won’t be able to use Touch ID, Face ID, or a passcode, just as they can’t currently on iOS or iPadOS 15 due to SEP limitations.
The only checkm8-vulnerable devices capable of running iOS or iPadOS 16 include the following:
- iPhone 8
- iPhone 8 Plus
- iPhone X
- iPad (5th generation)
- iPad (6th generation)
- iPad (7th generation)
- iPad Pro 10.5-inch
- iPad Pro 12.9-inch (2nd generation)
- iPad Pro 12.9-inch (1st generation)
The list above isn’t that long, but it’s notable for iPhone 8, 8 Plus, and X users who wish to squeeze another season of jailbreaking out of their aging handset with an unpatchable hardware-based bootrom exploit.
Sadly, the tfp0 achievement means nothing for handsets newer than the iPhone X since additional security mitigations implemented by Apple require additional bypasses and exploits to get a full jailbreak up and running. This is an extreme challenge that requires the burning of a lot of different techniques, which makes it unlikely that newer devices will see an iOS or iPadOS jailbreak anytime soon.
The palera1n team originally said they had gotten tweaks working on iOS 16 at the end of November, so it should be interesting to see how everything meshes together and how soon patient prospective jailbreakers will be able to take advantage of their work.
Please note that the palera1n jailbreak is currently only intended for developers, however a growing number of people are beginning to use it amid no other option.