Latest update to palera1n-c jailbreak now supports iOS 16.4 & 16.4.1 on A9-A11 devices

The palera1n team updated the checkm8 bootrom exploit-based palera1n-c jailbreak tool to version 2.0.0 beta 6 early Thursday morning in a move that officially adds support for iOS & iPadOS 16.4 and 16.4.1.

palera1n adds support for iOS 16.4 and 16.4.1.

The latest palera1n-c update was announced in a Tweet via Twitter, shown above.

Citing the official change log, palera1n-c v2.0.0 beta 6 not only adds support for iOS & iPadOS 16.4 and 16.4.1, but also introduces some other changes. The full list of changes can be found in the change log below:


Loader has been rewritten in this beta, any issues that come around will be fixed in a later beta.
Able to jailbreak the device in fakefs-rootful mode, where / is writable, as well as rootless mode, where / cannot be written to.
On A11 devices, that is, iPhone 8, iPhone 8 Plus and iPhone X, the passcode cannot be used.
On A11 devices, on iOS 15, the passcode must be off while jailbroken.
On A11 devices, on iOS 16, the passcode must be off since restore, and “Reset All Contents and Settings” from settings app counts as a restore. A backup may be used in this case.


iOS 16.4 – 16.4.1 support
BindFS 16.0+ support
New rewritten loader app
Baked with bakera1n (?)

palera1n Loader

90%~ less in size (290kb) (approximate)
Fully rewritten loader in UIKit, with some localisations for Chinese and Japanese
Loader creates a randomized string jb-XXXXXXXX that would contain the procursus folder, similar to Dopamine
A lot of debugging info
Download progress bar
Hide environment option, for jailbreak detection (on rootless)
Updated bootstraps

Other device-side changes

For existing rootless installs, your procursus folder will now include having a randomized string
^ /private/preboot/uuid/procursus to /private/preboot/uuid/jb-XXXXXXXX/procursus
Missing /var/jb symlink will be moved when jailbreaking rootless
cfprefsd hook for rootless

Verbose changes

Creating FakeFS / BindFS will be more noticeable for the user

CLI changes

Update credits

Known Issues

If stuck at booting pongoOS or found Pongo USB mode device, Ctrl+C, type exit, then retry, don’t reboot the device. It happens on A9 and older devices. If it still doesn’t work, you can also try unplugging and replugging the device.
( Rootful ) Make sure you created fakeFS/bindFS before jailbreaking with rootful, or else you’ll also be stuck on the pongoOS screen.
Using libhooker-oss will kill launchd

In comments shared to the palera1n Discord server, we also learned that the palen1x bootable installer that can be used on Windows PCs was also updated to version 1.0.9 with similar changes. The comments also revealed that this would likely be one of the last updates for rootful, as rootless development will be the palera1n team’s priority going forward.

The move to add iOS & iPadOS 16.4 and 16.4.1 support comes almost three weeks after Apple released iOS & iPadOS 16.4.1 to the general public. The update patched security flaws and bugs in the mobile operating system.

Because the palera1n jailbreak tool depends on the checkm8, the exploit resides in affected devices’ hardware rather than the software. This means that Apple can’t patch the exploit and that developers will be able to make jailbreaks for these devices for life, even on the latest firmware.

If you’re already a palera1n-c user on an earlier version of iOS or iPadOS, then you can safely update to iOS or iPadOS 16.4.1 and resume your jailbreak activities. There are a lot of benefits to being on the latest firmware when it can be jailbroken, including having the latest security fixes and features.

If you have an arm64e device with an A12 chip or later (iPhone XS or newer), then you can’t yet jailbreak iOS or iPadOS 16.4.1 and should disregard any updates and instead stay on the lowest possible firmware since palera1n doesn’t apply to you.

Also read:

Are you excited about palera1n-c adding support for the latest versions of iOS & iPadOS? Let us know in the comments section down below.