Aug 17, 2011 19:27 GMT

An unofficial patch for a critical SSL vulnerability found in iOS has been released on Cydia, the app store used by people with jailbroken iDevices.

Called 'isslfix', the patch addresses CVE-2011-0228, a very serious vulnerability that compromises the confidentiality and security of SSL/TLS traffic.

The flaw stems from a failure to check the "Basic Constraints" value of digital certificates, which defines whether a certificate belongs to a Certificate Authority (CA) or to a regular organization.

This is important because CA certificates can be used to sign other certificates. By failing to check this flag, iOS validates any certificate, even one that is not signed by a trusted CA.

In other words, any SSL certificate owner can use their certificate to sign one for, say, paypal.com, which iOS would then treat as valid.
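The chain-validation logic described above, as an added illustration that is not part of this article or of the isslfix patch: a small Python model in which the Basic Constraints check can be switched off to reproduce the bug, or left on to reject a chain whose "issuer" is an ordinary end-entity certificate. The certificate names, keys and the HMAC that stands in for a real X.509 signature are all constructed here.

```python
"""Constructed model of the CVE-2011-0228 chain check: an HMAC keyed with the
issuer's secret stands in for a real X.509 signature; the walk is the point."""
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool        # Basic Constraints: CA=TRUE or CA=FALSE
    key: bytes         # stand-in for the subject's private key
    signature: bytes   # HMAC over body(), keyed with the issuer's key
    def body(self):
        return f"{self.subject}|{self.issuer}|{self.is_ca}".encode()

def issue(subject, is_ca, issuer, key):
    """Issue a certificate; issuer=None produces a self-signed root."""
    issuer_name = issuer.subject if issuer else subject
    signing_key = issuer.key if issuer else key
    body = f"{subject}|{issuer_name}|{is_ca}".encode()
    return Cert(subject, issuer_name, is_ca, key,
                hmac.new(signing_key, body, hashlib.sha256).digest())

def signed_by(cert, issuer):
    expected = hmac.new(issuer.key, cert.body(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert.signature)

def validate(leaf, intermediates, roots, check_basic_constraints=True):
    """Walk leaf -> root; check_basic_constraints=False reproduces the iOS bug."""
    pool = {c.subject: c for c in intermediates + roots}
    trusted = {c.subject for c in roots}
    current = leaf
    for _ in range(len(pool) + 1):            # bounded walk, no cycles
        issuer = pool.get(current.issuer)
        if issuer is None or not signed_by(current, issuer):
            return False                      # unknown issuer or bad signature
        if check_basic_constraints and not issuer.is_ca:
            return False                      # issuer may not sign certificates
        if issuer.subject in trusted:
            return True
        current = issuer
    return False

def demo():
    """Constructed chain: an ordinary site cert signs a cert for paypal.com."""
    root = issue("Trusted Root CA", True, None, b"root-secret")
    site = issue("example.com", False, root, b"site-secret")
    forged = issue("paypal.com", False, site, b"forged-secret")
    return validate(forged, [site], [root], False), validate(forged, [site], [root])
```

`demo()` returns `(True, False)`: the unpatched walk accepts the chain because every signature checks out, while the walk that enforces Basic Constraints stops at the non-CA issuer.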

This vulnerability is very dangerous and can be exploited with freely available tools to perform undetectable man-in-the-middle attacks leading to the theft of sensitive data.

The flaw was reported to Apple by Gregor Kopf of Recurity Labs and Paul Kehrer of Trustwave's SpiderLabs, and was patched back in July in iOS 4.3.5 and 4.2.10.

Because there is no tethered jailbreak solution available for those iOS versions yet, owners of jailbroken devices were left unprotected. Applying the new isslfix as soon as possible is highly recommended.

After installing the patch, users can test whether it works by visiting the iSSL Test web site in the Mobile Safari browser. If the fix is working, users should see a certificate warning.

Owners of jailbroken iDevices should also install PDF Patcher 2, which is also served through Cydia. It contains a patch for the critical FreeType vulnerability exploited by Comex's JailbreakMe website. After the device is jailbroken, this flaw should be addressed in order to prevent malicious attackers from exploiting it.