Ios 9.3.5 Untethered Jailbreak Fix (2025)

As of 2026, a new fully untethered jailbreak has emerged for 32-bit A5/A6 devices on iOS 9.3.5, allowing devices to remain jailbroken after reboots. This process involves using tools like Sideloadly to install an untethered IPA file, or converting the existing Phoenix jailbreak to an untethered state via Cydia packages . For more detailed information, read the guide at

Method 1: Using Phoenix

For those who are new to jailbreaking, let's start with the basics. Jailbreaking is the process of removing software restrictions on an iOS device, allowing users to gain root access to the operating system. This enables them to install unauthorized apps, tweaks, and modifications that aren't available on the App Store. ios 9.3.5 untethered jailbreak

  • Security risks: Jailbreaking a device can expose it to security risks, as users are installing apps and tweaks from outside the App Store, which may not be thoroughly vetted.
  • Instability: Jailbreaking a device can also cause instability, as users are modifying the underlying software and installing third-party apps and tweaks that may not be compatible with the device.
  • Warranty: Jailbreaking a device can also void the warranty, as users are modifying the device in a way that is not supported by the manufacturer.

Persistence

Understanding the difference between these methods is key for legacy device maintenance: Phoenix / p0laris (Semi-Untethered) New 2026 Untether Lost upon reboot; requires "Kickstart" Remains active permanently Ease of Use High maintenance (7-day re-signing) Install once and forget Boot Time Normal, then manual activation Automatically applies patches at boot Practical Utility for Legacy Devices As of 2026, a new fully untethered jailbreak

Siguza’s approach was a callback to earlier, more hardware-agnostic methods. He exploited a vulnerability in the way iOS handles resource properties (specifically in IOKit ), allowing for an arbitrary read/write primitive in the kernel. But to make it untethered, he bypassed KPP not by patching the kernel directly—which KPP would detect on the next reboot—but by patching the kernel’s data structures in memory only and then forcing a specific system daemon (which runs as root) to load a dynamic library. More importantly, the jailbreak embedded a bootstrap script into the filesystem that would be executed by launchd (the init process) early in the boot cycle. This script would then re-trigger the IOKit exploit before KPP had fully armed itself. Security risks : Jailbreaking a device can expose