Opa334 offers valuable insight into the state of jailbreaking following Linus Henze’s iOS 16.4 bug PoC

Just yesterday, Linus Henze published a proof of concept (PoC) demonstrating kernel bug CVE-2023-28206, which Apple patched in iOS & iPadOS 16.4.1 because it could purportedly grant arbitrary code execution by an app on an affected device.


As we mentioned in our original post, the bug is important, but not enough to make a jailbreak out of. Think of it as one of several puzzle pieces that are required to make one, with the other puzzle pieces including things such as PAC and PPL bypasses, a full-blown exploit, and a few other necessities.

Further clarifying what else would be required and the state of the jailbreak community in this day and age is TrollStore developer Lars Fröder, also known as @opa334, who just last night took to Twitter to share a string of Tweets with useful information for the community.

Opa334 comments on Linus Henze’s iOS 16.4 bug PoC.

Fröder is currently spearheading efforts to make Fugu15 Max, the working name for an arm64e device jailbreak that supports iOS 15.0-15.4.1 and is heavily based on Linus Henze’s Fugu15 developer-only jailbreak.

Fröder said that it would be wise for anyone who has an interest in jailbreaking to stay on iOS or iPadOS 16.4 or lower instead of upgrading to iOS or iPadOS 16.4.1, but he also noted the obvious fact that a jailbreak for anything newer than iOS or iPadOS 15.4.1 wouldn’t be released any time soon.

Obviously, staying on the lowest possible firmware and avoiding software updates is the best option, even if that isn’t iOS or iPadOS 16.4, and that’s because firmware released before iOS & iPadOS 16.4 has more security vulnerabilities that could potentially be used for jailbreaking than iOS & iPadOS 16.4 does.

Fröder said that to make a jailbreak, someone would need a proper exploit, a KRW (kernel read/write) technique, a PAC bypass, and a PPL bypass. He emphasized the last two, as they’re effectively required for jailbreaks on arm64e devices (anything newer than an iPhone X) these days. Unfortunately, they’re also few and far between.

Fröder also addressed another elephant in the room: the large number of questions asking whether the bug would have any impact on adding new firmware support to TrollStore.

The obvious answer to the question above is no because TrollStore depends on a unique CoreTrust bug that Apple has patched. No bug besides a CoreTrust bug can replicate what TrollStore is able to do, and therefore it won’t ever be updated to support newer firmware unless another CoreTrust bug is discovered, which is highly unlikely. We went over this in depth in a previous post.

At this time, it seems that Fugu15 Max for arm64e devices running iOS & iPadOS 15.0-15.4.1 is going to be the latest jailbreak for the iPhone XS and newer. Older A9-A11 devices running iOS & iPadOS 15.0-16.X can instead use palera1n, which harnesses the unpatchable checkm8 bootrom exploit.

It will be interesting to see if anyone comes up with a PAC and PPL bypass for some of the later versions of iOS & iPadOS, since jailbreak releases for later devices are contingent on those being released. But again, there’s no telling when that could happen — sooner or later.

What are your thoughts on the situation? Let us know in the comments section down below.