SSL patch for jailbroken iPhones

Released at Cydia, isslfix ensures that those who use jailbroken iOS devices are safe from manipulated certificates. Apple fixed the SSL vulnerability when it released iOS 4.3.5 at the end of last month, but no persistent jailbreak for this version, or its predecessor 4.3.4, has so far become available.

The vulnerability can be exploited via man-in-the-middle attacks with manipulated certificates and allows attackers to listen to, and modify, an iOS device's encrypted data traffic. This is possible because iOS versions up to and including 4.3.4 don't check whether the issuer of a certificate is actually permitted to issue certificates – that is, whether the CA bit is set in the "Basic Constraints". As a consequence, anyone with a valid certificate can issue further certificates, for instance for paypal.com or for a user's bank, and iOS will accept these certificates as valid.

Visiting the iSSL Test web site will allow a user to check whether the patch is working. If the Safari browser issues a warning when opening the page, that means it has discovered the site's forged certificate. isslfix also blacklists various SSL certificates that were created illegitimately after an attack on the Comodo SSL Certificate Authority. This is only relevant for users running older versions of iOS, as Apple responded to this problem when releasing iOS 4.3.2.

Users with jailbroken iOS devices should also install PDF Patcher 2. It closes a critical hole in the FreeType library that can potentially be exploited to infect Apple devices with malicious code when visiting a specially crafted web site. The hole was discovered and published by comex, who used it for his Jailbreakme.com web site.

(ehe)