Just yesterday, Linus Henze published a proof of concept (PoC) demonstrating the kernel bug CVE-2023-28206, which Apple fixed in iOS and iPadOS 16.4.
As we mentioned in our original post, the bug is important, but not enough to make a jailbreak out of it. Think of it as one of several pieces of the puzzle that are needed to create it, and the other pieces of the puzzle include things like bypassing the PAC and PPL, a full exploit, and a few other necessary things.
Further clarification on what else is required, and on the state of the jailbreak community these days, comes from TrollStore developer Lars Fröder, aka @opa334, who took to Twitter last night to share a string of tweets with helpful information for the community.
Fröder said that it would make sense for anyone interested in jailbreaking to stay on iOS or iPadOS 16.4 or lower instead of updating to iOS or iPadOS 16.4.1, but he also noted the obvious fact that a jailbreak for anything newer than iOS or iPadOS 15.4.1 will not be released anytime soon.
Obviously, staying on the lowest possible firmware and avoiding software updates is the best option, even if that firmware isn't iOS or iPadOS 16.4, because firmware versions released before iOS and iPadOS 16.4 contain more security vulnerabilities that could potentially be exploited for a jailbreak than iOS and iPadOS 16.4 does.
Fröder said that in order to jailbreak, someone would need the right exploit, a KRW (kernel read/write) technique, a PAC bypass, and a PPL bypass. He highlighted the last two because they are now required for jailbreaking on arm64e devices (anything newer than the iPhone X). Unfortunately, those are also in very short supply.
Fröder also addressed the other elephant in the room: the large number of questions about whether this will affect the addition of support for newer firmware in TrollStore.
The obvious answer to that question is no, because TrollStore depends on a unique CoreTrust bug that Apple has fixed. No bug other than a CoreTrust bug can reproduce what TrollStore does, so it will never be updated to support newer firmware unless another CoreTrust bug is found, which is highly unlikely. We covered this in detail in a previous post.
For now, it seems that Fugu15 Max (working title) for arm64e devices running iOS and iPadOS 15.0-15.4.1 will be the last jailbreak for the iPhone XS and newer. Older A9-A11 devices running iOS and iPadOS 15.0-16.X can instead use palera1n, which relies on the unpatchable checkm8 bootrom exploit.
It will be interesting to see whether anyone comes up with a PAC and PPL bypass for some of the later versions of iOS and iPadOS, since jailbreak releases for newer devices depend on them. But again, nobody knows when, or whether, that will happen.
What do you think of the situation? Let us know in the comments section below.