Siguza’s approach was a callback to earlier, more hardware-agnostic methods. He exploited a vulnerability in the way iOS handles resource properties (specifically in IOKit ), allowing for an arbitrary read/write primitive in the kernel. But to make it untethered, he bypassed KPP not by patching the kernel directly—which KPP would detect on the next reboot—but by patching the kernel’s data structures in memory only and then forcing a specific system daemon (which runs as root) to load a dynamic library. More importantly, the jailbreak embedded a bootstrap script into the filesystem that would be executed by launchd (the init process) early in the boot cycle. This script would then re-trigger the IOKit exploit before KPP had fully armed itself.
Are you still rocking an iPhone or iPad running on iOS 9.3.5? Do you want to take your device to the next level by unlocking its full potential? Look no further! In this article, we'll dive into the world of iOS 9.3.5 untethered jailbreak, exploring what it is, how to do it, and what benefits and risks come with it. ios 9.3.5 untethered jailbreak