Go to , find the Phoenix profile, and tap Trust twice.
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later.
By following this guide and taking the necessary precautions, you can unlock the full potential of your iOS 9.3.5 device and enjoy a more customized and feature-rich experience.
Install the Cydia HTTP Fetcher tweak or manually add modern community certificates to fix the outdated SSL handshake issues. Legacy Jailbreaking Safety Reminder
or Saurik's Cydia Impactor (if you have a paid developer account) installed on your computer. Installation Process ios 9.3.5 untethered jailbreak
: This is a persistent exploit that can be installed via Cydia after using a tool like Phœnix or Carbon to make the jailbreak permanent. The Traditional Path (Semi-Untethered)
This guide assumes you are using to achieve a fully untethered jailbreak.
Install the package and allow the device to perform a hard reboot.
Launch and wait for it to fully refresh its repositories. Go to , find the Phoenix profile, and tap Trust twice
The availability of a jailbreak for iOS 9.3.5 breathed new life into aging hardware. Because these devices were no longer receiving performance updates, they often felt sluggish. Jailbreaking allowed users to:
The story for 64-bit devices was much bleaker for nearly a decade, as most exploits were focused on the older 32-bit architecture.
After years of relying on semi‑untethered solutions, the iOS 9.3.5 jailbreak landscape has changed with the arrival of EverPwnage v2.0 and the iocaste untether. For owners of legacy 32‑bit Apple devices — many of which can no longer be updated beyond iOS 9.3.6 — this untethered jailbreak represents a powerful way to extend the usefulness of older hardware. Whether you choose the fully untethered route with EverPwnage or prefer the semi‑untethered flexibility of Phoenix, always remember to back up your device, understand the security implications, and install tweaks responsibly.
Siguza’s approach was a callback to earlier, more hardware-agnostic methods. He exploited a vulnerability in the way iOS handles resource properties (specifically in IOKit ), allowing for an arbitrary read/write primitive in the kernel. But to make it untethered, he bypassed KPP not by patching the kernel directly—which KPP would detect on the next reboot—but by patching the kernel’s data structures in memory only and then forcing a specific system daemon (which runs as root) to load a dynamic library. More importantly, the jailbreak embedded a bootstrap script into the filesystem that would be executed by launchd (the init process) early in the boot cycle. This script would then re-trigger the IOKit exploit before KPP had fully armed itself. If you share with third parties, their policies apply
Note: This does not actually downgrade; it upgrades you to 9.3.6 and patches the kernel.
This is the modern standard. The device boots into a non-jailbroken state. You must open an app on your screen and tap a button to trigger the exploit. If your battery dies or you restart, you must rerun the app. The Phœnix Jailbreak: The Real Solution
🔓 iOS 9.3.5 Jailbreak Status: Untethered vs. Semi-Untethered
After a successful jailbreak: