Home Arrow Icon Knowledge base Arrow Icon Global Arrow Icon Which iPad models are supported by the checkm8 exploit for jailbreak


Which iPad models are supported by the checkm8 exploit for jailbreak


The checkm8 exploit, released by the security researcher axi0mX, is a bootrom-level hardware vulnerability affecting a range of Apple devices with A5 to A11 chips. This exploit enables jailbreak tools to gain low-level control of the device firmware by exploiting an unpatchable bootrom vulnerability, as the bootrom code is hard-coded into the chip and cannot be fixed via software updates. This has made checkm8 one of the most significant exploits in the iOS jailbreaking and forensic communities.

iPad Models Supported by Checkm8 Exploit

Checkm8 applies specifically to devices with Apple A5 through A11 chips. For iPads, this includes models starting with the iPad 2 (A5 chip) to various generations up to those incorporating the A11 Bionic chip. As such, the exploit affects a wide range of iPads, notably including:

- iPad 2, 3, and 4 (with A5 and later chips)
- iPad Mini 1, 2, 3, and 4
- iPad Air 1 and 2
- iPad Pro 1st generation and 2nd generation (including 9.7-inch and 12.9-inch models)
- iPad 5th, 6th, and 7th generations

The exploit also covers all iPod Touch models that share these vulnerable chips. Importantly, the iPad 7th generation was the last iPad model to have the checkm8 exploit vulnerability. After this model, new iPads such as the 8th generation and later are based on newer chipsets (A12 and beyond) that are not vulnerable to the checkm8 exploit.

Exploit Usage and Limitations for iPads

The checkm8 exploit is a bootrom-level attack launched through USB utilizing the Device Firmware Upgrade (DFU) mode, requiring physical device possession. It cannot be used for remote attacks. The exploit provides a way to jailbreak these devices by gaining low-level access to the boot process, which software-only exploits cannot achieve.

However, the use of checkm8 for jailbreak and forensic purposes has some important hardware and software considerations:

- While the exploit is OS-agnostic (meaning it can be applied regardless of the iOS or iPadOS version), Apple has introduced mitigations at the software level in newer versions that reduce the exploit's practical effectiveness.
- For example, iPad models such as iPhone 8 and later that use the A11 chip include Secure Enclave Processor (SEP) hardening measures in iOS 16 and beyond, which require removing device passcode or prevent file system access even after jailbreak.
- The exploit typically requires device reboot to re-apply (tethered jailbreak), meaning it is not persistent across reboots.

Software Support and Latest Status

As of 2025, checkm8 remains useful for jailbreaking iPads running iOS/iPadOS versions up to 15.5 and beyond in many cases. However, Apple's decision to drop support for the iPad 7th generation with iPadOS 26 means that no iPads with the checkm8 vulnerability will receive further major iOS updates, marking the sunset of the exploit's practical usability in future software environments.

Jailbreak tools like checkra1n and palera1n have leveraged checkm8 for their jailbreak implementations, supporting the exploit across iPads within the vulnerable chip range on compatible iOS versions. In October 2023, palera1n beta extended compatibility even to iOS 17 for several iPads up to the 7th generation.

Summary of iPad Model Support by Checkm8

The iPads supported by checkm8 exploit for jailbreak are primarily those with Apple A5 through A11 chips, spanning:

- Early iPad models: iPad 2, 3, 4
- Mini series: iPad Mini 1 through Mini 4
- Air series: iPad Air 1 and Air 2
- Pro series: 1st and 2nd generation iPad Pro, including 9.7" and 12.9" models
- Later full-size models: iPad 5th, 6th, and 7th generations

No iPad with A12 Bionic or later chips (starting with 8th generation and beyond) supports the checkm8 exploit.

Detailed Explanation of Checkm8 Exploit and Its Impact on iPads

Checkm8 is a permanent bootrom exploit. Because the bootrom is read-only memory on the device's chipset, Apple cannot patch this vulnerability through software or firmware updates. This permanence means each affected device remains theoretically vulnerable for its entire lifetime. The exploit offers an unprecedented level of control, allowing jailbreak and forensic tools to bypass standard iOS security measures by injecting code during the device boot sequence. This differentiates checkm8 from most previous jailbreak methods, which generally relied on software vulnerabilities that Apple could patch.

Given that Apple has drastically hardened security at the software level in recent years, the practical exploitation of checkm8 requires chain attacks involving bypassing software mitigations such as SEP protections for file system access. On many models, jailbreak tools can still jailbreak but have restricted access to certain security domains depending on iOS version and passcode status.

Longevity and Usefulness of Checkm8 on iPads

One hallmark of iPads is their longer hardware and software support life compared to iPhones of the same generation. iPads often remain in service in enterprise, educational, and creative environments years after release, which means the checkm8 exploit remains highly relevant for many devices still actively used, even as new iPads move beyond checkm8 vulnerability.

Because of these factors, the exploit has considerable forensic and research value, enabling low-level data extraction and forensic analysis on older but still operational devices. Various forensic toolkits, notably the Elcomsoft iOS Forensic Toolkit, have built deep integrations around checkm8 to exploit these hardware vulnerabilities safely and reliably.

Effect of iPadOS 26 and the Future of Checkm8

iPadOS 26 marks a pivotal moment as it drops support for the last remaining checkm8-vulnerable iPad, the 7th generation. This effectively ends the era where new iPads receive updates but remain vulnerable to checkm8. Apple's hardware progression beyond the A11 chip family means future iPads incorporate mitigations at the chip level to counter bootrom exploits like checkm8.

While critical patches may still be released for legacy checkm8-vulnerable devices, the practical jailbreak and forensic use cases will diminish as these devices fall out of mainstream support, and no newer hardware will have the vulnerability. Jailbreak developers and forensic experts will thus pivot to new exploitation methods tailored to the latest chip designs.

Conclusion

In summary, the checkm8 exploit supports all iPad models with Apple A5 through A11 chips, which includes:

- iPad 2 to iPad 4
- iPad Mini 1 to Mini 4
- iPad Air 1 and 2
- iPad Pro 1st and 2nd generations
- iPad 5th, 6th, and 7th generations

This broad range covers many generations of iPads, making checkm8 a versatile and highly impactful jailbreak and forensic exploit in the Apple ecosystem. However, iPads starting from the 8th generation (A12 chip and beyond) do not support checkm8. The exploit remains in use for forensic and jailbreak purposes on legacy iPads with iOS versions up to around iOS 16-17 but will see diminishing relevance as Apple ceases support for the last vulnerable devices and moves forward with newer, more secure architectures.