Thread: Cydia Package isslfix Fixes SSL Vulnerability For iOS < 4.3.5

  1. #1
    MMi Staff Writer Joshua Tucker's Avatar
    Join Date
    May 2011
    Location
    California
    Posts
    708
    Thanks
    54
    Thanked 107 Times in 55 Posts

    Default Cydia Package isslfix Fixes SSL Vulnerability For iOS < 4.3.5


    With the release of JailbreakMe 3.0 and Apple's response, iOS has been updated twice in order to patch the JailbreakMe exploit and other vulnerabilities. As mentioned in the iOS 4.3.4 article, updating to iOS 4.3.4 is not recommended as it only fixes the PDF exploit that JailbreakMe used. From there, Apple once again released a new version, 4.3.5, to patch other issues that were found. Although redsn0w is now able to jailbreak both 4.3.4 and 4.3.5, it is also not recommended as you will have to deal with a tethered jailbreak.

    Now: In Apple's current releases, there were things that were patched that were actually "legitimate" fixes (not in response to JailbreakMe 3.0). The problem is, if you're sticking jailbroken, you aren't able to get these security updates without having to upgrade and lose an untethered jailbreak. This issue has now been solved by jan0 (@0naj) who recently released a package called "isslfix" on Cydia.

    In the most basic terms, isslfix patches an SSL vulnerability known as CVE-2011-0228 without having to upgrade to the latest firmwares. All you simply need to do is install isslfix from Cydia and you will have the same protection that the later iOS firmwares offer.

    More detailed information can be found at jan0's GitHub page, along with information on how to check to see if you're vulnerable or not and how to deal with issues if they do arise.

    Read this article from The Recurity Lablog that explains the CVE-2011-0228 vulnerability:

    You have two options to install isslfix:
    • Install isslfix directly off Cydia from the BigBoss repo
    • Install the isslfix .deb file and follow the installation instructions in the Readme on the GitHub page

    Note: Rebooting your device will be required after installation.

    To test and see if you're vulnerable (or if you're protected with this package), visit the following website on your iDevice:

    https://issl.recurity.com/

    If what comes up looks anything like the picture below (showing the HTTPS), you're vulnerable.



    However, if it gives you a warning and a "Continue" screen before viewing the page, that means you're protected.

    Note: The iOS 5 beta already patches this so there is no need to install isslfix on any iOS 5 beta firmware.

    If you wish to read support documents from Apple discussing the different security updates from the firmwares at hand, read below:

    iOS 4.3.4
    iOS 4.3.5

    Keep up to date on information about this new fix by following jan0 on Twitter.

    Source(s): jan0 - GitHub, jan0, Apple, The Recurity Lablog
    Last edited by Joshua Tucker; 08-11-2011 at 03:15 PM.

  2. #2
    My iPhone is a Part of Me luvmytj's Avatar
    Join Date
    Jul 2008
    Location
    New York
    Posts
    647
    Thanks
    32
    Thanked 66 Times in 52 Posts

    Nice work!

  3. #3
    The Jack White of Photoshop Hosko817's Avatar
    Join Date
    May 2011
    Location
    Wisco
    Posts
    952
    Thanks
    2,033
    Thanked 1,137 Times in 411 Posts

    can somebody explain this in plain English if this is a necessary fix and why?

  4. #4
    Green Apple
    Join Date
    May 2008
    Posts
    40
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by Hosko817 View Post
    can somebody explain this in plain English if this is a necessary fix and why?
    Someone can hack your iDevice? I think it's recommended to install this fix if you are on iOS 4.3.3 and jailbroken.

  5. #5
    iPhone? More like MyPhone Italia411's Avatar
    Join Date
    Jan 2011
    Location
    upstate NY
    Posts
    168
    Thanks
    0
    Thanked 5 Times in 4 Posts

    I keep getting the server can not be found when I try and access the link above.

  6. #6
    Livin the i raduga's Avatar
    Join Date
    May 2009
    Posts
    1,631
    Thanks
    228
    Thanked 94 Times in 85 Posts

    Quote Originally Posted by wohhey View Post
    Someone can hack your iDevice? I think it's recommended to install this fix if you are on iOS 4.3.3 and jailbroken.
    I'd recommend that you install, if you are on iOS 4.3.3 or earlier, whether you're jailbroken or not.
    Though, only jb people are actually able to :/

  7. #7
    Mes
    Mes is offline
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,025
    Thanks
    102
    Thanked 788 Times in 731 Posts

    Nice work 0naj

    And nice write-up Josh

  8. #8
    MMi Staff Writer Joshua Tucker's Avatar
    Join Date
    May 2011
    Location
    California
    Posts
    708
    Thanks
    54
    Thanked 107 Times in 55 Posts

    Quote Originally Posted by Mes View Post
    Nice work 0naj

    And nice write-up Josh
    Thanks my good sir. I agree, awesome job 0naj!

  9. The Following User Says Thank You to Joshua Tucker For This Useful Post:

    mmaboi21 (08-11-2011)

  10. #9
    iPhone? More like MyPhone
    Join Date
    Aug 2010
    Location
    Wisconsin
    Posts
    196
    Thanks
    81
    Thanked 12 Times in 11 Posts

    Nicely done! It works!

  11. #10
    Super Galactic Moderator Orby's Avatar
    Join Date
    Aug 2010
    Location
    Omicron Persei Eight
    Posts
    5,669
    Thanks
    40
    Thanked 569 Times in 520 Posts

    This package is now available on BigBoss...

    Click me on your jailbroken iDevice!

    This exploit is based off the fact that intermediate X.509 certificates are not fully validated by iOS before being declared valid--specifically the "Basic Constraints" field.

    One of the X.509 certificate's fields is "Basic Constraints" which contains things such as what the certificate is valid for (e.g., code signature, S/MIME, SSL/TLS, etc.) and whether or not the certificate represents a Certificate Authority.

    The iSSL certificate (issued by iCA, one of Apple's cert authorities) Basic Constraints field reads:

    Code:
    Not Critical
    Is a Certificate Authority
    Maximum number of intermediate CAs: unlimited

    Apple did NOT sign a certificate like that. It was edited by the hackers; thereby breaking the original signature on the certificate. However, since iOS didn't check that signature, this certificate was accepted as valid.

    Since all iOS applications rely on the same framework (securityd) to access SSL/TLS connections, one fake certificate, set to accept any server (*.*, *.*.* etc.) could be used to intercept any and all data sent by the iPhone to a server of the exploiter's choice (a Man in the Middle attack).
    Last edited by Orby; 08-11-2011 at 04:41 PM.

  12. The Following 2 Users Say Thank You to Orby For This Useful Post:

    Mes (08-11-2011), mmaboi21 (08-11-2011)
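
The Basic Constraints check discussed in Orby's post above, as an added example (not code from the thread, from jan0's isslfix, or from iOS): a simplified Python model in which certificates are plain records, signature verification is assumed to have passed, and every name is constructed. It compares a validator that skips Basic Constraints with one that enforces the CA flag and the intermediate-CA limit on every issuing certificate.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate (not a real parser)."""
    subject: str
    issuer: str
    is_ca: bool = False             # basicConstraints cA flag
    path_len: Optional[int] = None  # pathLenConstraint; None means unlimited
    sig_ok: bool = True             # assumed: issuer's signature verified

def chain_links(chain, roots):
    """chain[0] is the server cert; each cert must be issued by the next one
    and the last must be a trusted root."""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject or not child.sig_ok:
            return False
    return chain[-1].subject in roots

def validate_without_basic_constraints(chain, roots):
    # Weak form: issuers are never asked whether they may act as a CA.
    return chain_links(chain, roots)

def validate_with_basic_constraints(chain, roots):
    if not chain_links(chain, roots):
        return False
    # depth = number of intermediate CA certs sitting below this issuer.
    for depth, issuer in enumerate(chain[1:]):
        if not issuer.is_ca:
            return False
        if issuer.path_len is not None and depth > issuer.path_len:
            return False
    return True

# Constructed sample data; all names are made up for this example.
ROOTS = {"Example Root CA"}
root = Cert("Example Root CA", "Example Root CA", is_ca=True)
inter = Cert("Example Issuing CA", "Example Root CA", is_ca=True, path_len=0)
site = Cert("www.shop.example", "Example Issuing CA")
misused_leaf = Cert("other-site.example", "Example Issuing CA")  # not a CA
forged = Cert("www.bank.example", "other-site.example")
sub_ca = Cert("Example Sub CA", "Example Issuing CA", is_ca=True)
deep_leaf = Cert("www.deep.example", "Example Sub CA")

GOOD_CHAIN = [site, inter, root]
LEAF_AS_CA_CHAIN = [forged, misused_leaf, inter, root]
TOO_DEEP_CHAIN = [deep_leaf, sub_ca, inter, root]
```

Both bad chains link cleanly from server certificate to trusted root, so only the validator that inspects Basic Constraints on each issuer rejects them.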

  13. #11
    Livin the iPhone Life R.Mortera's Avatar
    Join Date
    Aug 2011
    Location
    No where near you
    Posts
    1,354
    Thanks
    293
    Thanked 196 Times in 133 Posts

    Thanks, downloaded the pkg, checked and not vulnerable. (it asked to continue)

  14. #12
    Starbucks Artist mmaboi21's Avatar
    Join Date
    Jan 2011
    Location
    Bakersfield CA.
    Posts
    2,402
    Thanks
    162
    Thanked 207 Times in 160 Posts

    I am so glad that the updates in the future will not rely on restores.
    Nice work

  15. #13
    iPhoneaholic
    Join Date
    Dec 2009
    Posts
    393
    Thanks
    1
    Thanked 18 Times in 16 Posts

    I get 403 forbidden error. Am I protected?

  16. #14
    Mes
    Mes is offline
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,025
    Thanks
    102
    Thanked 788 Times in 731 Posts

    Quote Originally Posted by xclusiveiphone View Post
    I get 403 forbidden error. Am I protected?
    Try using https (not http)

    Quote Originally Posted by Orby View Post
    ... (a Man in the Middle attack).
    You're the man
    Last edited by Mes; 08-11-2011 at 05:57 PM.

  17. #15
    My iPhone is a Part of Me
    Join Date
    Dec 2007
    Location
    Oklahoma
    Posts
    620
    Thanks
    26
    Thanked 75 Times in 72 Posts

    Note about iOS5 beta part of the OP: If you are on iOS beta 3 or lower jailbroken (some JB-ed 3GS with the 6.15.00 iPad baseband can't do beta 4-5 until SB is updated), then you're still vulnerable and should also install this patch.

    I tried the site and found it to be true for beta 3.
    Member of the hackint0sh forums.
    HowardForums Member: Haas_Dave

  18. #16
    What's Jailbreak? ActionMax09's Avatar
    Join Date
    Aug 2011
    Location
    Georgia
    Posts
    22
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by Italia411 View Post
    I keep getting the server can not be found when I try and access the link above.
    Me as well, you are not alone.

  19. #17
    Green Apple kschong710's Avatar
    Join Date
    Jul 2011
    Posts
    51
    Thanks
    4
    Thanked 0 Times in 0 Posts

    I'm using 4.3.3 JB and just follow install issl.recurity
    the outcome is same with the image that post.
    without error did it mean I'm vulnerable?

  20. #18
    What's Jailbreak?
    Join Date
    Aug 2010
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by kschong710 View Post
    I'm using 4.3.3 JB and just follow install issl.recurity
    the outcome is same with the image that post.
    without error did it mean I'm vulnerable?
    Weird cuz I'm experiencing the same issue. I checked that page first to confirm I was vulnerable then installed which forced reboot but still get page wo it asking to continue or not

    Quote Originally Posted by ronw View Post
    Weird cuz I'm experiencing the same issue. I checked that page first to confirm I was vulnerable then installed which forced reboot but still get page wo it asking to continue or not
    Nm, cleared history and closed old page and it worked fine
    Last edited by ronw; 08-11-2011 at 08:42 PM.

  21. #19
    iPhone? More like MyPhone Mista Brothason's Avatar
    Join Date
    Mar 2009
    Location
    Canada
    Posts
    202
    Thanks
    12
    Thanked 20 Times in 17 Posts

    Should we install if we're on 4.2.1?
    64 GB iPhone 4S on 5.1.1 Jailbroken & Unlocked
    64 GB iPad 3 on 5.1.1 Jailbroken

  22. #20
    iPhoneaholic
    Join Date
    Dec 2009
    Posts
    393
    Thanks
    1
    Thanked 18 Times in 16 Posts

    Quote Originally Posted by Mista Brothason View Post
    Should we install if we're on 4.2.1?
    Yes, but I'm not quite sure if it will add more "security" to our phones.

  23. The Following User Says Thank You to xclusiveiphone For This Useful Post:

    Mista Brothason (08-12-2011)
