Security researcher says jailbreak coming for A12-A16 devices running iOS 16.5.1 and below

We have some pretty great news for anyone who stayed on iOS or iPadOS 16.5.1 or below on their A12 or newer device. As it turns out, staying on the lowest possible firmware and resisting the many temptations to update really does have its perks!

Boris Larin, a security researcher, says that a jailbreak will be coming for arm64e devices running iOS 16.6 and below.

In a post shared to X (formerly Twitter) early Monday morning, hacker and security researcher Boris Larin (@oct0xor) said that a jailbreak and kernel debugging features are coming to A12-A16-equipped iPhones and iPads running iOS or iPadOS 16.5.1 or lower.

If released, which certainly appears to be the intent, this would be the first iOS & iPadOS 16 jailbreak for arm64e devices to date. Even more interesting is the fact that it doesn’t appear to rely on the Kernel File Descriptor (kfd) exploit.

The post included a screenshot showcasing the accomplishment, which appears to be picking up traction in the jailbreak community:

KTRR Bypass.

Already, Dopamine jailbreak lead developer Lars Fröder (@opa334dev) and even the RootHide development team (@roothidedev) have commented about the news.

Fröder is now reconsidering whether to continue their plans to work on Dopamine 2 now that there could be a new option in town. We think that a Dopamine 2 release would still be beneficial for a myriad of reasons, such as the fact that it could support even newer firmware if a newer PAC or PPL bypass were made available.

As for bypasses, the upcoming jailbreak teased by Larin appears to utilize a KTRR (Kernel Text Read-only Region) bypass, which is even more powerful than either a PAC or PPL bypass. This means that any jailbreak built on it could be especially powerful too. For example, the RootHide development team says that the KTRR bypass could assist with evading jailbreak detection.

Google Project Zero explains what KTRR is and why it exists in a GitHub document:

KTRR was introduced with the A10 as a means of locking down critical kernel data (including all executable code) to prevent it from being modified, even by an attacker with a kernel memory read/write capability.

The news about this upcoming jailbreak will be particularly bittersweet for anyone who just recently DelayOTA-updated to iOS or iPadOS 17.0 to use TrollStore 2 on the latest compatible firmware, as the new jailbreak announcement does not appear to encompass any firmware newer than iOS or iPadOS 16.6.

At this time, there isn’t an ETA for a release, but it’s certainly a nice surprise for many on Christmas day to learn that there will be a jailbreak coming for firmware that hasn’t seen a jailbreak on modern devices for a particularly long time.

Are you excited to see what happens after today’s announcement? Be sure to let us know down in the comments section below.