iSSLFix Fixes SSL Exploit in iOS 4.3.5 and Lower, Cydia Download



The most notorious and by far easiest way to jailbreak your iOS device is to use JailbreakMe 3.0. However, the JailbreakMe jailbreak used a PDF exploit that Apple has since patched with 2 releases of iOS, 4.3.4 and 4.3.5. 4.3.4 fixed the PDF exploit and was not a recommended update if you used JailbreakMe to jailbreak your device. 4.3.5 was then released to fix other issues that were later found. Redsn0w can be used to jailbreak these iOS versions, but it is still a tethered jailbreak, so it is also not recommended.

The problem comes now that if you are not using either of the new versions of iOS, then you are still vulnerable to the fixes that Apple released because they are legitimate security issues. So along comes a tweak named “isslfix” that gives you the security fixes and still leaves your device jailbroken. Isslfix patches an SSL vulnerability without having to upgrade to Apple’s newest firmware. All that is needed is to install the package from Cydia and you will then have an updated security system, comparable to the current versions of iOS. The package is available in the Big Boss Repo and will require a device restart after installation.

You can test if your device is secure by going to the following webpage on your device:


https://issl.recurity.com

If the page comes up looking similar to the screenshot below (showing the HTTPS), then you are still vulnerable to the exploit.

If it gives you a warning and a continue screen, then you are protected from the exploit. Else, it is best to upgrade to a new iOS version to stay safe. This is also fixed in the iOS 5 Beta, so the isslfix is not needed if you are using the Beta. iOS 5 is expected to be released to all iPhone, iPad and iPod touch devices in the general public this fall.

David is a Systems Engineer by day and a Competitive Triathlete on the weekends. He is an avid Apple fan who also loves everything Google. He writes on everything and loves to share news with fellow techies.