Ios 9.3.5 Untethered Jailbreak -

To answer the keyword directly: No, there is currently no public, stable, untethered jailbreak for iOS 9.3.5. The tools that exist (Phoenix, kok3shi) are semi-untethered, requiring a re-jailbreak after every reboot.

Do not let the clickbait videos fool you. If you want an untethered experience on that hardware, downgrade to iOS 8.4.1. If you must stay on 9.3.5 for app compatibility, embrace the Phoenix. It is stable, secure, and—given the age of the OS—the best you are going to get.

The era of truly untethered jailbreaks ended with iOS 9.0.2. iOS 9.3.5 is a testament to how far Apple’s security has come and how the modding community evolved to meet the challenge—not by breaking the chain, but by redefining what a "jailbreak" actually needs to be.

Disclaimer: Jailbreaking can void warranties, expose security risks, and violate Apple’s terms of service. This article is for educational and legacy preservation purposes only. Always back up your device before attempting any modification.

In early 2017, a hacker known as "Ziro" decided to honor Moonshine’s memory by leaking a treasure trove of his unfinished work. Hidden within that data was a "day-one" exploit—a powerful vulnerability known as a KPP (Kernel Patch Protection) bypass.

This was the holy grail. It was the key to an untethered jailbreak for 32-bit devices (the iPhone 5, 5c, 4s, and iPad 4) running iOS 9.1 through 9.3.4. ios 9.3.5 untethered jailbreak

But there was a problem: Apple had just released iOS 9.3.5. It was a small, quiet update, likely released specifically to patch the very vulnerabilities Moonshine had found. The community was stuck on 9.3.5, looking at the leaked code that worked perfectly on 9.3.4, unable to use it.

The iOS 9.3.5 untethered jailbreak is significant for several reasons. First, it proved that Apple’s most aggressively patched system could still be tamed. Second, it extended the life of 32-bit and older 64-bit devices (iPhone 4s, iPhone 5, iPad 2, iPad 3) that could not upgrade past iOS 9.3.5, allowing them to run modern tweaks and customization years after their official support ended.

More poignantly, the Phœnix jailbreak is considered the last true untethered jailbreak for a shipping version of iOS. After iOS 9.3.5, Apple introduced rootless security, APFS snapshots, and more robust KPP/KTRR (Kernel Text Read-Only Region) protections on the A11 chip and later. Subsequent jailbreaks—for iOS 10 through iOS 16—have been semi-untethered or semi-tethered (e.g., Electra, unc0ver, Taurine, Dopamine). As of 2026, no untethered jailbreak has been publicly released for any iOS version beyond 9.3.5.

In the world of iPhone modding, few phrases generate as much nostalgia and technical intrigue as "iOS 9.3.5 untethered jailbreak."

For users clinging to legacy devices like the iPhone 4s, iPhone 5, iPhone 5c, or the original iPad mini, iOS 9.3.5 represents the final, bittersweet chapter. It was the last version of iOS supported by these 32-bit classics. However, it is also infamous for being patched against the powerful Trident exploit chain—making it one of the most secure (and locked-down) versions of iOS ever released for that architecture. To answer the keyword directly: No, there is

But the question remains for collectors, gamers, and tinkerers: Does a true untethered jailbreak exist for iOS 9.3.5?

The short answer is complicated. The long answer requires a deep dive into exploit types, tool compatibility, and a major evolution in how we define "jailbreak."

Enter Siguza, a renowned security researcher and reverse engineer. He looked at the patched exploit and realized Apple hadn't fixed everything. The door was closed, but they had left a window open.

Siguza discovered that while the specific exploit Moonshine used was patched, the underlying vulnerability in the IOHIDFamily kernel extension remained viable. Apple had fixed the "trigger," but not the "gun."

For months, Siguza worked in the shadows. The goal was ambitious: to build the first truly untethered jailbreak for iOS 9.3.5. He wasn't just building a tool; he was resurrecting a dead era. He collaborated with other legends, including tihmstar and mbazaliy, to weaponize the exploit. In early 2017, a hacker known as "Ziro"

On January 24, 2017, the bomb dropped. Siguza released "Phoenix" (also known as "jalbreak" in its early iterations).

It was a miracle of engineering. It utilized the "extra_recipe" exploit to bypass Apple's securities and drop the payload. But it wasn't perfect yet. The initial release was a "semi-untether

Compatible Devices: iPhone 5, iPhone 5c, iPad 4, iPad Mini 1, iPad 2, iPhone 4s. Constraint: This requires a computer to re-sign the app every 7 days (unless you have a paid developer account). The jailbreak disables after a reboot.

Important Note on Reboots: If your device runs out of battery or you restart it: