iSSLfix: SSL Vulnerability Patch for iOS Devices

New day, new patch in Cydia. iSSLfix patches the SSL vulnerability found in < iOS 4.3.5. With iOS 4.3.5, Apple fixed a security update with certificate validation, but this vulnerability is still present in earlier iOS versions.

To fix this problem, all you need to do is Load Cydia, and install iSSLfix ( free ) found in BigBoss’ repo. After, installation you need to reboot your device.

Because securityd is restarted, existing processes and daemons will lose their “connexion” to it and most calls to the Security framework (Keychain, cert validation, etc) will fail : iTunes wont be able to connect to the device, apps will be unable to access the keychain, etc. These issues should disappear after a device reboot. If securityd crashed (check /Library/Logs/CrashReporter/), remove the package (dpkg -r isslfix) before rebooting.

To test if your device is exposed to this vulnerability vist  ( from your device ) If your web browser allowed you to see this site via HTTPS without any warnings, your iDevice is vulnerable. If you see a warning message and the word “Continue” you will be safe.