1. AmpedPotato's Avatar
    Ryan Petrich, a well-known Dev known for his tweaks such as Activator, Display Recorder, RetinaPad and Action Menu (among other things) has released a major security fix for the now-infamous "SSL Bug" on devices running iOS 6.0-6.1.5 as well as iOS 7.0-7.0.5. In case you live under a rock or something, let it be known that this is a MAJOR security flaw. It affects everything from Safari to Mail to potentially your favorite online banking app. For details on the security flaw, go here, here, here and here.

    Now obviously, the "easiest" way to fix this major flaw would be to update to iOS 7.0.6 either through OTA (Settings - General - Software Update) or through iTunes. Those of you still sporting the iPhone 3GS or in possession of the iPod Touch 4th Generation, you will need to update to iOS 6.1.6, the latest version of Apple's operating system available for these devices. However, if you are jaibroken, chances are you know that things aren't as simple as an OTA update or an iTunes update. Being jailbroken means that you must restore through iTunes to the latest version available, effectively performing a clean install. Then you must re-jailbreak (that is, if you're still into jailbreaking.) Then there's the task of making sure your tweaks are still compatible with the latest version of iOS. This can take hours. Not to mention if you have multiple jailbroken iDevices.

    I currently have an iPad 2 running iOS 5.1.1 jailbroken, and an iPhone 4S running iOS 6.1 jailbroken. I haven't had the time to update just yet. Meanwhile since the news broke about the major security flaw, I immediately stopped doing anything that normally relies on a working SSL layer for security. So I stopped doing pretty much everything except browsing the web on my iDevices until I could find the time to update.

    Luckily, a fix has arrived as a stop-gap measure until I find the time to update (I better get moving, the iOS 7 jailbreak could be closed any time now!)

    Now for the goods:

    SSL Security Fix for jailbroken users (VERY IMPORTANT for those still on iOS 6.0-6.1.5 or 7.0-7.0.5)-img_3712.png
    First I went to http://gotofail.com/ in Safari on my iPhone to check for the flaw. Sure enough, there it was!

    SSL Security Fix for jailbroken users (VERY IMPORTANT for those still on iOS 6.0-6.1.5 or 7.0-7.0.5)-img_3713.png
    Then I tried in Chrome. Looks like Chrome isn't vulnerable, even unpatched. That's good, but that doesn't mean squat when virtually every other app you use is potentially vulnerable!

    Alright, so now that we know we're vulnerable, now what? Well, if you are jailbroken and don't want to go through the hassle of updating just yet, here is a temporary solution:

    Start off by opening Cydia.

    SSL Security Fix for jailbroken users (VERY IMPORTANT for those still on iOS 6.0-6.1.5 or 7.0-7.0.5)-img_3716.png
    On the bottom menu tap Manage, then tap Sources (on iPad, simply tap Sources on the bottom menu.) Now tap Edit in the top-right corner, then tap Add in the top-left corner.

    SSL Security Fix for jailbroken users (VERY IMPORTANT for those still on iOS 6.0-6.1.5 or 7.0-7.0.5)-img_3714.png
    You should come up with a screen like the above. Type in "http://rpetri.ch/repo/" (without quotes) then tap Add Source.

    SSL Security Fix for jailbroken users (VERY IMPORTANT for those still on iOS 6.0-6.1.5 or 7.0-7.0.5)-img_3715.png
    Let Cydia do it's thing, then tap Return to Cydia when it finishes.

    SSL Security Fix for jailbroken users (VERY IMPORTANT for those still on iOS 6.0-6.1.5 or 7.0-7.0.5)-img_3717.png
    Now tap Search in the bottom menu and type in SSLPatch (or tap the suggestion when it comes up and save a few taps.)

    SSL Security Fix for jailbroken users (VERY IMPORTANT for those still on iOS 6.0-6.1.5 or 7.0-7.0.5)-img_3718.png
    You should now be on a page similar to this one. Tap Install in the top-right corner then tap Confirm.

    SSL Security Fix for jailbroken users (VERY IMPORTANT for those still on iOS 6.0-6.1.5 or 7.0-7.0.5)-img_3719.png
    Once again let Cydia do it's thing, then tap Reboot Device when it's finished. NOTE: It may say Restart Springboard instead of Reboot Device. If so, tap Restart Springboard.

    DONE!! Takes all of five minutes.

    SSL Security Fix for jailbroken users (VERY IMPORTANT for those still on iOS 6.0-6.1.5 or 7.0-7.0.5)-img_3720.png
    Now you can open Safari again and go to http://gotofail.com/ and confirm that this nasty bug has been squished. Looks like it worked for me!

    SSL Security Fix for jailbroken users (VERY IMPORTANT for those still on iOS 6.0-6.1.5 or 7.0-7.0.5)-img_3721.png
    Just for grins, I went back to that site again in Chrome, post-fix, just to see what it would say. It says pretty much the same thing it said before.

    Now, for the most part, with this patch installed you are temporarily safe. I say that because there are a couple caveats with this fix. This fix does not work in Safe Mode, so if your springboard crashes to safe mode, get out of safe mode ASAP (the latest version of iOS does not have this issue.) I'm still on iOS 6.1 (for now) and it's pretty obvious when you're in Safe Mode, with the popup and the Safe Mode label in the status bar. I thought I read somewhere that Safe Mode isn't near as obvious on iOS 7, that all it changes is the wallpaper or some such. Perhaps that's been updated, I don't know. Feel free to correct me if I'm wrong. If it's still not obvious, one could inadvertently do things thinking that they're secure when they're not because they're in Safe Mode. The other thing is that tweaks/apps that run as root will still have the vulnerability. Two examples would be Cydia and iFile. So you may want to hold off on purchasing apps through Cydia until you can update to the latest version of iOS. If you plan on upgrading to iOS 7, and also plan on jailbreaking, I strongly suggest doing so ASAP, as time is running out for the jailbreak.

    Another thing that I noticed is that out of the three sites I used to check my SSL, http://howsmyssl.com/ still failed in Safari on the iPhone running 6.1 even with the patch. However, https://www.imperialviolet.org:1266/ did not load which means it passed. Then of course, http://gotofail.com/ also passed. So I'm not sure what's going on there. As per usual, Chrome passes everything.

    The iPad 2 running 5.1.1 also passes everything in Safari, without the need for this patch. So those of you with an iPad 1 or an iPod Touch 3rd Generation, it sucks being stuck on 5.1.1 but at least it's safe (for now.) If you own anything older than the iPod touch 3rd Generation or the iPhone 3GS, well first of all I would like to congratulate you on holding out for so long, I guess you could save a lot of money by keeping a device for 5-6 years straight. It looks like this flaw was introduced in iOS 6 (almost 1.5 years ago!!) so your older devices running those old iOS versions are probably fine.

    So there you have it. Stay safe people!
    3cit, iOS Gravity, kataran and 1 others like this.
    02-24-2014 06:58 PM
  2. 3cit's Avatar
    Thanks dude.
    My two cents...
    UPDATE YOUR DEVICES KIDDIES!
    iOS Gravity likes this.
    02-24-2014 07:01 PM
  3. iOS Gravity's Avatar
    Thanks for the guide. Updating to iOS 7.0.6 is probably going to be the safest way since, it's an official fix.
    kataran likes this.
    02-24-2014 07:23 PM
  4. mike in nc's Avatar
    Hi, 4s with 6.1, I was getting ready to follow your instructions, but when I started cydia and the manage screen, now I get a different screen than the one you show. I now have to goto the home screen to see "more package Sources" Problem is not are the one you say go to, not sure if you have a work around for this, thanks
    02-24-2014 08:23 PM
  5. AmpedPotato's Avatar
    Hi, 4s with 6.1, I was getting ready to follow your instructions, but when I started cydia and the manage screen, now I get a different screen than the one you show. I now have to goto the home screen to see "more package Sources" Problem is not are the one you say go to, not sure if you have a work around for this, thanks
    What do you see in the manage screen? I'm using the latest version of Cydia so the icons look like iOS 7. If I recall correctly other than the icons the steps should be the same.

    Also, when you tap the manage button, try tapping it another time so it should put you back on the main manage screen.


    Sent from my iPhone 4S using Tapatalk
    02-24-2014 09:35 PM
  6. fastpitch_dad's Avatar
    Installed SSL patch yesterday on my jailbroken iPhone 5 and it worked according to test sight...


    Sent from my iPhone using Tapatalk
    02-24-2014 10:31 PM
  7. pr1nce's Avatar
    Thanks for the info.
    02-25-2014 12:13 AM
  8. mike in nc's Avatar
    ah, for some reason I kept getting the "Storage" screen when I went to "Manage" in Cydia. but got it going, thanks for the great information. It is really appreciated
    02-25-2014 10:38 AM
  9. 68Thibz's Avatar
    I'm reading that this "SSL Bug Patch" fix is just a temporary fix ... Just wanted some opinions since I'm new to the JB scene .. I have done the "SSL Bug Patch", but is the best recommendation is "I should do a new restore on my phone, do the software update (7.0.6) and then jailbreak again ??.. " Is this what most people are doing or just using the Patch ??..
    02-27-2014 06:36 AM
  10. 3cit's Avatar
    Everyone should update their devices to the latest firmware.
    Universal jailbreak means "get your sorry buttocks updated"

    Seriously ladies and gentleman, when the jailbreak works across all devices on the latest firmware a, UPDATE. Did I mention UPDATE? In case I forgot, UPDATE YOUR DEVICES.

    "My phone is set up the way I like it 3cit, I don't want to go through the hassle of updating it"

    While I appreciate the effort you have put into your current jailbreak and setup, I offer you this metaphor.
    A jailbreak is like a puppy. You need to nurture it and take care of it. Sometimes you gotta do stuff you don't like.

    probably a better metaphor.
    A jailbreak is like a cat. YOU work and live for IT. Not vice versa. Apple dropped a giant hairball on us with this security vulnerability. They scraped all the litter out if the box. They brought a dead bird to our door step. We need to clean it up.


    UPDATE YOUR DEVICES.
    sherlock likes this.
    02-27-2014 10:03 AM
  11. 68Thibz's Avatar
    Well I see you put a lot of time into,your your amazing manly forum toughness answer .. Big man to talk tough through a keyboard.. A simple yes you should update would have been fine .. Some of us have lives and don't live to tweak our phones .. This is a FORUM to help others, conversate about devices /tweaks and such .. Well I thought it was ... I guess it's just a website for pissing contest for their phones ... Thanks for all your help ...
    02-27-2014 09:02 PM
  12. sherlock's Avatar
    It can be a pain to update but as long as the OS is jailbreakable it's a no brainer for me. I had to restore 3 times with this one to get it completed. Was a pain but now I don't need to worry about it.
    02-27-2014 09:41 PM
  13. Lenerdosy's Avatar
    Oh maybe time to upgrade and redo my jailbreak then.
    02-27-2014 09:55 PM
  14. AmpedPotato's Avatar
    I'm going to upgrade both of my devices in the next few days. This fix is just until you find the time to upgrade. As I said in my OP, if you ever plan on being on iOS 7 and jailbroken, do it ASAP!
    68Thibz likes this.
    02-28-2014 12:07 AM
  15. 68Thibz's Avatar
    I'm going to upgrade both of my devices in the next few days. This fix is just until you find the time to upgrade. As I said in my OP, if you ever plan on being on iOS 7 and jailbroken, do it ASAP!
    Yea, I wasn't sure if the patch was a permanent fix or not... It's my bad for not reading all of the thread. . I will indeed to make time to update this weekend as well .. Thank you ..
    02-28-2014 06:34 AM
  16. sherlock's Avatar
    I'm going to upgrade both of my devices in the next few days. This fix is just until you find the time to upgrade. As I said in my OP, if you ever plan on being on iOS 7 and jailbroken, do it ASAP!
    I've learned to update fast if I'm going to. Apple can drop an update that will patch the jailbreak exploits at any time and stop signing the previous versions.
    02-28-2014 11:42 PM

Similar Threads

  1. Replies: 27
    Last Post: 04-09-2014, 05:59 AM
  2. Replies: 5
    Last Post: 02-25-2014, 04:07 PM
  3. Replies: 1
    Last Post: 02-24-2014, 04:48 PM
  4. iPhone 5s sounds alerts and makes calls on it's own
    By iMore Question in forum Ask a Question
    Replies: 1
    Last Post: 02-24-2014, 04:27 PM
LINK TO POST COPIED TO CLIPBOARD