Ios 9.3 6 Jailbreak Untethered |verified| 〈2024〉

There is currently no official fully untethered jailbreak released for iOS 9.3.6. While some community projects like p0laris aimed to develop one, they remain unfinished or abandoned. 

Existing methods for iOS 9.3.6 are semi-untethered, meaning you must re-run a "kickstart" app every time your device reboots to reactivate Cydia and your tweaks.  Recommended Jailbreak Tools 

For 32-bit devices (iPhone 4S, iPad 2/3, iPad Mini 1, iPod Touch 5), the following tools are standard: 

Phoenix: The most common tool for these versions. It is semi-untethered and requires sideloading an IPA file.

kok3shi9: Often cited as more modern and reliable than Phoenix, with a higher exploit success rate.

p0laris: Another semi-untethered option developed specifically for legacy devices.  How to Jailbreak (Phoenix Method)  ios 9.3 6 jailbreak untethered

Since certificates for "no computer" methods are often revoked, using a computer is the most reliable way to install the jailbreak. 

---

Blog Post: The Holy Grail of Legacy iOS – Untethered Jailbreak for iOS 9.3 on iPhone 6

Posted by: iArchivist | April 18, 2026

If you’re reading this, you likely own a dusty iPhone 6 running iOS 9.3, or you’re a collector trying to breathe life back into Apple’s iconic 2014 hardware. For years, the jailbreak community has debated one question: Does a true, untethered jailbreak exist for iOS 9.3 on the iPhone 6?

The short answer is yes – but with some very important caveats.

Let’s dive into the state of the 9.3 untether, how it works, and whether it’s worth your time in 2026. There is currently no official fully untethered jailbreak

Guide for Group A: iPhone 4s, iPad 2, iPad 3, iPad Mini 1, iPod 5

Tool: Phœnix Jailbreak Type: Semi-untethered (See Note below)

Note: While Phœnix is technically semi-untethered (meaning you need to re-run the app after a reboot), iOS 9.3.5/6 is often widely considered the final "pwned4life" state for these specific 32-bit devices due to the limera1n/limera1n-esque bootrom exploits available for some models, making it very stable.

Requirements:

• A computer (Windows or Mac)
• Cydia Impactor (Download the latest version compatible with your OS)
• Phoenix .IPA file (Search for the official "Phoenix jailbreak iOS 9.3.5/9.3.6 IPA" on trusted sites like jailbreak.me or reddit.com/r/jailbreak).
• A USB cable for your device.

Instructions:

1. Backup: Connect your device to iTunes and perform a full backup.
2. Prepare the IPA: Download the Phoenix .ipa file to your computer.
3. Impactor: Open Cydia Impactor on your computer.
4. Connect: Plug your iOS device into your computer. Impactor should recognize it.
5. Sideload: Drag and drop the Phoenix .ipa file onto the Impactor window.
6. Sign In: Impactor will ask for your Apple ID and password. This is used to sign the app so it can run on your device. (If you have 2FA enabled, you will need to generate an App-Specific Password via appleid.apple.com).
7. Trust the Profile: Once the install finishes, go to your iOS device. Navigate to Settings > General > Profiles & Device Management. Find the profile with your Apple ID email and tap Trust.
8. Run Jailbreak: Go to your home screen and open the Phoenix app.
9. Execute: Tap the "Prepare for Jailbreak" or "Start" button. The app will exploit the system and install Cydia.
10. Respring: Your device will respring (restart the interface). Once it wakes up, you should see the Cydia icon on your home screen.

---

The Future: Will Anyone Release an Untether?

The jailbreak development community has moved on. The last untethered jailbreak for any version was iOS 9.0.2, released over eight years ago by Pangu (which they quickly patched in 9.1). Blog Post: The Holy Grail of Legacy iOS

Key developers (tihmstar, Siguza, Luca Todesco) have publicly stated that they have no interest in developing an untether for 9.3.6. The effort required to weaponize a new iBoot bug or bootrom exploit for a 32-bit device is immense, and there are no financial incentives (bug bounties for old firmware are zero).

Unless the checkm8 bootrom exploit (which is permanent and untethered for checkm8 devices) is backported to iOS 9.3.6, it will never happen. However, checkm8 requires a computer to send the exploit every boot—ironically making it tethered in practice.

5. Security Implications

The existence of a jailbreak for iOS 9.3.6 highlights the security risks associated with using End-of-Life (EOL) hardware.

1. No Security Patches: iOS 9.3.6 has not received security updates since 2019. The vulnerabilities used for jailbreaking are just a subset of the total known vulnerabilities affecting this firmware.
2. Sandbox Bypass: The exploit chain relies on a sandbox escape. A malicious app utilizing the same vulnerability could steal user data without the user's consent.
3. Mitigation: Users on these devices are advised to use the device strictly for offline or low-security tasks. Activation of the jailbreak increases the attack surface if the user installs unverified repositories.

---

2. The Missing KPP Bypass

On 64-bit devices, Apple introduced KPP (Kernel Patch Protection). iOS 9 on 32-bit devices does not have KPP, but it does have KASLR (Kernel Address Space Layout Randomization). While 32-bit devices are easier to exploit, untethered requires a bootrom-level exploit or a persistent kernel code injection that survives a reboot.

The last true untethered jailbreak for a 32-bit device was iOS 9.1 (Pangu9). Everything after 9.1 moved to semi-untethered because the exploits required to persist across reboots were burned by Apple or reserved for higher bounties.