Developer releases jailbreak based on Checkm8 exploit for many iPhones
Developer Luca Todesco has released a jailbreak for the iPhone 5S to iPhone X and many iPads. The Checkra1n jailbreak is based on the Checkm8 bootrom exploit, which came out last month.
Checkra1n is currently in beta and Todesco warns that people should not use it on their primary device. In principle the jailbreak works on all devices with an Apple A11 SoC or older, which is up to the generation of the iPhone 8 and iPhone X. On some devices, such as the iPad Air 2, the jailbreak does not work well. It works on all recent iOS versions.
There are several restrictions on using the jailbreak. For example, it is a ‘semi-tethered jailbreak’: after a reboot the jailbreak is gone, and all apps installed through the jailbreak are no longer available on the device. In addition, the jailbreak is currently only available via macOS. A desktop computer is necessary, and there is no support yet for other operating systems; a Windows version of the jailbreak is to follow later. A desktop is needed because the code that modifies the bootrom can only be written to the device over USB.
Checkra1n uses the Checkm8 exploit, which came out this fall. It takes its name from the unpatchable bug in iBoot, the bootrom of iOS devices. Since iOS 12, Apple has made exploiting that bug more difficult, but according to an explanation of the jailbreak, Checkra1n takes advantage of a new bug in the DFU mode of iOS devices. When the software exits DFU mode, the emptied data transfer buffer can be used to get data onto the phone.