It appears that support for iOS and iPadOS 16 may arrive in the palera1n jailbreak based on the checkm8 bootrom exploit much sooner than originally thought.
A successful tfp0 (kernel task port) was achieved and demonstrated on a compatible phone running iOS 16.1.1 by Reddit user guacaplushy this week, and was later echoed by palera1n team member @bestdevelopr on Twitter.
Reaching tfp0 means reading and writing kernel memory is now possible on iOS and iPadOS 16, but only on devices vulnerable to checkm8. It can work in tandem with the checkm8 exploit to provide a full-featured semi-tethered jailbreak; however, most devices that use it will not be able to use Touch ID, Face ID, or a passcode, just as they currently cannot on iOS or iPadOS 15, due to SEP restrictions.
The only checkm8-vulnerable devices capable of running iOS or iPadOS 16 include the following:
- iPhone 8
- iPhone 8 Plus
- iPhone X
- iPad Pro 10.5-inch
- iPad Pro 12.9-inch (2nd generation)
The above list isn’t that long, but it’s notable for iPhone 8, 8 Plus, and X users who want to squeeze another jailbreak season out of their outdated phone thanks to an unpatchable bootrom hardware exploit.
Unfortunately, reaching tfp0 means nothing for phones newer than the iPhone X, as the extra security measures implemented by Apple require additional workarounds and exploits to achieve and run a full jailbreak. This is an extremely involved task that requires combining many different methods, making it unlikely that iOS or iPadOS 16 jailbreaks will appear on newer devices anytime soon.
The palera1n team initially stated that they had made changes for iOS 16 at the end of November, so it will be interesting to see how everything fits together and how soon patient would-be jailbreakers can take advantage of their work.
Please note that the palera1n jailbreak is currently intended only for developers; however, more people are starting to use it because there is no other option.