Fifth Fugu15 Max jailbreak public beta now available for testing

Developer Lars Fröder (opa334), known not only for the popular TrollStore perma-signing utility but also for his work making Linus Henze’s Fugu15 jailbreak for arm64e devices running iOS & iPadOS 15.0-15.4.1 stable enough for end users (an effort currently dubbed Fugu15 Max for the time being), announced a fifth beta of the Fugu15 Max project on Wednesday.

Fifth Fugu15 Max public beta released by opa334.

The announcement, made via Twitter and depicted in the screenshot above, reveals that the fifth beta of Fugu15 Max has “basically everything now except for user friendliness and userspace hooks.” Nevertheless, Fröder still only recommends the beta for developers to test at this point in time.

Citing the official change log on the project’s GitHub page, we can gather that Fugu15 Max beta 5 incorporates the following changes and/or improvements:

Changelog:

– Add support for userspace reboots (NOTE: As this is still a beta mainly intended for developers, you have to manually userspace reboot after jailbreaking)
– Fix AutoFill not working after respring
– Fix function hooking and tweak injection into very heavily sandboxed processes (e.g. WebContent)
– Fix some device / version combinations not being supported (namely iPad 8 on 15.1)
– Update bootstrap to latest
– Improve system wide hook to always respect safe mode and keep library out of DriverKit and BlastDoor processes
– Prevent tweak injection into processes that could use fork, as hooking C functions in a process currently breaks fork from working; a proper fix for this is still pending
– Add default repos (Chariz, Havoc, Ellekit.space, BigBoss)
– Fix memory leaks in jailbreakd
– Fix SSH as mobile
– jbupdate functionality, /var/jb/basebin/jbctl update tipa <path/to/Fugu15.tipa> or /var/jb/basebin/jbctl update basebin <path/to/basebin.tar>, note that updating to a TIPA also updates basebin but depends on TrollStore being installed on the device
– Update fallback ellekit for launchd hook, properly implement fallback using rpaths
– Delete more leftover Xina files on jailbreak
– Lots of stability improvements

Known Issues:

– For some users, Sileo crashes on launch; there is no current fix or workaround for this, and a proper fix is pending by Sileo developers
– On some versions, doing anything in Zebra crashes; there is no current fix or workaround for this, and a proper fix is pending by Zebra developers
– When something hooks a C function system wide, userspace reboots will get stuck, the root cause for this is unknown
– Spinlock panic, no idea what causes this, might be a late side effect by one of the exploits
– Some sort of race condition pmap panic, no idea what causes this either, but I think this is probably a bug in the environment somewhere
– Launchd crash panic, proper crash logger for debugging is still not implemented
– On 15.0 – 15.3.1, you need to fully disable wifi while jailbreaking

Notes:

– Final jailbreak will have a different name
– This jailbreak is rootless; rootful packages are not supported
– Default password for root: alpine (you need to install openssh from package manager)
– The only known bootloop issue is when you delete some system files in /private/preboot yourself, so don’t do that?

For Tweak Developers:

– Update theos to latest, then you can build for rootless via THEOS_PACKAGE_SCHEME=rootless
– Store/load preferences either via cfprefsd APIs or inside /var/jb/var/mobile/Library/Preferences (there will be a cfprefsd hook in the final jb to redirect all non stock stuff to that path)
– You need to compile everything for rootless
– All dependencies have to be compiled for rootless and stored in $THEOS/lib/iphone/rootless
– You need to put every former root path you access through the macros defined in rootless.h
– You need to compile with Xcode 12 or newer, otherwise your dylib will crash the process (if you don’t want to lose iOS 12 / 13 arm64e support, you still need to compile your rootful packages with Xcode 11)
– There currently is a theos bug where rootless libraries cannot link against other rootless libraries
– No rocketbootstrap / IPC (yet? ever? who knows?)
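Taken together, the developer notes above amount to one build recipe. The following Logos tweak is an added example that is not from the page or from the Fugu15 Max project: it reads its settings through the cfprefsd APIs instead of touching a plist path, routes a former root path through the ROOT_PATH_NS macro from theos’s rootless.h, and is meant to be built with THEOS_PACKAGE_SCHEME=rootless make package. The tweak name, bundle identifier and config file path are placeholders.

```objective-c
// Tweak.x (constructed example; com.example.rootlesstweak and the paths are placeholders)
#import <Foundation/Foundation.h>
#import <rootless.h>   // theos header that defines ROOT_PATH / ROOT_PATH_NS

// Read a boolean setting via cfprefsd. The domain is the tweak's own preference
// identifier; no file path is hard-coded, so this works on both rootful and rootless.
static BOOL tweakEnabled(void) {
    CFStringRef domain = CFSTR("com.example.rootlesstweak");   // placeholder
    CFPreferencesAppSynchronize(domain);                       // pick up fresh values
    Boolean valid = false;
    Boolean value = CFPreferencesGetAppBooleanValue(CFSTR("Enabled"), domain, &valid);
    return valid ? (BOOL)value : YES;                          // default: enabled
}

// A resource that lived under /Library on rootful jailbreaks. With
// THEOS_PACKAGE_SCHEME=rootless the macro prefixes /var/jb at compile time;
// without it the bare path is used, so one source tree builds both packages.
static NSString *configPath(void) {
    return ROOT_PATH_NS(@"/Library/Application Support/RootlessTweak/config.plist");
}

%hook SpringBoard

- (void)applicationDidFinishLaunching:(id)application {
    %orig;
    if (!tweakEnabled()) {
        return;                       // respect the user's cfprefsd setting
    }
    NSDictionary *config = [NSDictionary dictionaryWithContentsOfFile:configPath()];
    NSLog(@"[RootlessTweak] config at %@: %@", configPath(), config);
}

%end
```

Every path that used to start at / (including anything handed to dlopen, NSBundle or NSFileManager) needs the same ROOT_PATH / ROOT_PATH_NS treatment, and any library the tweak links against must itself be a rootless build placed in $THEOS/lib/iphone/rootless.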

If you’re already using the Fugu15 Max public beta as a regular user, despite Fröder’s suggestion that you don’t, then you should upgrade to the latest version to pick up the latest patches. Otherwise, you should continue to wait for a public release instead of using the public beta, since it’s only intended for developers who want to test it or prepare their jailbreak tweaks to work on it.

Fugu15 Max is only the working name of this project, and it’s effectively an attempt to make Linus Henze’s Fugu15 jailbreak into a user-friendly jailbreak with a GUI, tweak injection, a fix for the dreaded Wi-Fi bug, and other polishing factors. When officially out of beta, Fröder is expected to give the jailbreak a new name.

Since Fugu15 Max is only for arm64e devices running iOS & iPadOS 15.0-15.4.1, it’s only intended to work with the iPhone XS and newer on the aforementioned firmware versions. Anyone with an iPhone X or older running iOS or iPadOS 15.0-16.x will need to use the checkm8 bootrom exploit-based palera1n jailbreak instead.

The latest Fugu15 Max public beta can be had from the project’s official GitHub page. Don’t download the tool from any other sources for your own safety.

Are you excited to see the Fugu15 Max jailbreak making advances? Let us know in the comments section down below.