axi0mX released a groundbreaking bootrom exploit called checkm8 around two weeks ago. The exploit uses an unpatchable vulnerability in the bootrom of A5 through A11 iOS devices and allows unsigned code to run very early in the boot process; because the boot chain can be modified from that point on, creating jailbreaks becomes much easier.
Checkm8 is currently doing wonders thanks to the work of big names such as Luca Todesco, s1guza, nullpixel, xerub and ih8sn0w.

Over the last few days, Luca Todesco and other prominent iOS developers have made a lot of headway with the power that checkm8 gives them, including:

  • Control of the framebuffer at a low level, which allows printing text on screen and custom boot logos
  • Usermode code execution, the ability to obtain tfp0, and bypassing AMFI
    • Dynamic patch finding is used for this, meaning offsets are found on the fly rather than hardcoded, which reduces the work needed to port tools/hacks built on checkm8 to other vulnerable devices

  • It is now possible to set the nonce generator from DFU mode, making nonce setters effectively redundant
    • A concise tutorial on how this can be done can be found here
    • Only the iPhone 5S and A10/A10X devices are supported as of right now

  • Downgrading the iPhone 5S (and soon other compatible A7 devices) to iOS 10.3.3, as this version is still being OTA signed for certain devices.
    • A tutorial can be found here.

  • According to this tweet, checkra1n might be the name of an upcoming jailbreak tool, which we may see in the near future given the current pace of progress
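To make the "dynamic patch finding" point above concrete, here is a small added example (written for this article, not code from checkm8, checkra1n or any of the developers named above): rather than hardcoding a patch offset for each device and firmware build, the code scans the loaded image for a byte signature with wildcard bytes and only patches when that signature occurs exactly once. The "image" is constructed inline from a few hand-encoded AArch64 instructions, and the signature, routine layout and function names are assumptions made for the illustration.

```python
# Added illustration of "dynamic patch finding" for this article: instead of
# hard-coding a patch offset per device/firmware build, the patch site is
# located at run time by scanning the loaded image for a byte signature with
# wildcard bytes. This is a toy written for the article, NOT the patchfinder
# used by checkm8/checkra1n tooling. The "image" below is constructed inline
# from a handful of hand-encoded AArch64 instructions (little-endian).
from typing import List, Optional, Tuple

# Hand-encoded AArch64 instructions (little-endian byte order).
NOP       = bytes.fromhex("1f2003d5")  # nop
CMP_W0_0  = bytes.fromhex("1f000071")  # cmp w0, #0
B_NE_12   = bytes.fromhex("61000054")  # b.ne +12 (skips the next two instructions)
MOV_W0_0  = bytes.fromhex("00008052")  # mov w0, #0
MOV_W0_1  = bytes.fromhex("20008052")  # mov w0, #1
RET       = bytes.fromhex("c0035fd6")  # ret

# Constructed "image": padding, then a tiny check routine
#   cmp w0, #0 ; b.ne fail ; mov w0, #0 ; ret ; fail: mov w0, #1 ; ret
# and more padding. No offset into it is hard-coded anywhere below.
FAKE_IMAGE = NOP * 4 + CMP_W0_0 + B_NE_12 + MOV_W0_0 + RET + MOV_W0_1 + RET + NOP * 4

# Signature of the patch site: "cmp w0, #0" followed by any conditional
# branch (0x54 in the top byte; condition and target are wildcarded).
CHECK_SIGNATURE = "1f 00 00 71 ?? ?? ?? 54"


def parse_signature(sig: str) -> Tuple[bytes, bytes]:
    """Turn "1f 00 ?? 54" into (pattern, mask); '??' matches any byte."""
    pattern, mask = bytearray(), bytearray()
    for tok in sig.split():
        if tok == "??":
            pattern.append(0x00)
            mask.append(0x00)
        else:
            pattern.append(int(tok, 16))
            mask.append(0xFF)
    return bytes(pattern), bytes(mask)


def find_all(image: bytes, pattern: bytes, mask: bytes, align: int = 4) -> List[int]:
    """Return every offset where image matches pattern under mask.

    align=4 only tests instruction-aligned offsets, which avoids matches that
    straddle two instructions."""
    n = len(pattern)
    hits = []
    for off in range(0, len(image) - n + 1, align):
        if all((image[off + i] & mask[i]) == (pattern[i] & mask[i]) for i in range(n)):
            hits.append(off)
    return hits


def find_unique(image: bytes, sig: str, align: int = 4) -> Optional[int]:
    """Locate a signature that must occur exactly once; None if absent or ambiguous."""
    pattern, mask = parse_signature(sig)
    hits = find_all(image, pattern, mask, align)
    return hits[0] if len(hits) == 1 else None


def apply_patch(image: bytes, offset: int, new_bytes: bytes) -> bytes:
    """Return a copy of image with new_bytes written at offset (bounds-checked)."""
    if offset < 0 or offset + len(new_bytes) > len(image):
        raise ValueError("patch out of range")
    return image[:offset] + new_bytes + image[offset + len(new_bytes):]


def patch_check(image: bytes) -> Optional[bytes]:
    """Find the check routine by signature and NOP out its conditional branch.

    Returns the patched image, or None when the signature was not found
    exactly once (nothing is patched rather than guessing at an offset)."""
    site = find_unique(image, CHECK_SIGNATURE)
    if site is None:
        return None
    branch_off = site + len(CMP_W0_0)  # the b.ne directly follows the cmp
    return apply_patch(image, branch_off, NOP)


if __name__ == "__main__":
    patched = patch_check(FAKE_IMAGE)
    print("patch site:", find_unique(FAKE_IMAGE, CHECK_SIGNATURE))
    print("patched:", patched.hex() if patched else None)
    # The same signature appearing twice means the finder refuses to patch.
    print("ambiguous:", patch_check(FAKE_IMAGE + FAKE_IMAGE))
```

The property worth copying from this toy is the refusal path: a patchfinder that finds zero or several hits must stop rather than patch the first candidate, since writing a NOP at the wrong instruction in a boot stage is how a device ends up not booting at all.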

Without a doubt, the things above are all pretty exciting, and Luca Todesco said that some tools will be released as soon as a couple of known bugs are fixed. With this in mind, and the large number of people working with Luca, we might see an iOS 13 jailbreak in the coming weeks, which is truly reminiscent of the limera1n days!

http://wololo.net/2019/10/10/news-ps...-in-user-mode/