Apple had released iOS 4.3.4 to fix the vulnerability used by JailbreakMe 3.0, which was one of the easiest solutions to jailbreak iPhone, iPad and iPod Touch. Comex had also released a patch called PDF Patcher 2 on Cydia to fix the vulnerability associated with viewing malicious PDF files.
It was meant for users you didn’t want to upgrade to iOS 4.3.4, but also didn’t want to be exposed to the security vulnerability.
However, Apple quickly followed it up by releasing iOS 4.3.5 for iPhone, iPad and iPod touch to fix the security vulnerability for certification validation. This meant that users who had jailbroken their iPhone, iPad or iPod touch using JailbreakMe 3.0, but didn’t want to upgrade to iOS 4.3.5 were exposed to the security vulnerability with certificate validation.
The goods news for these users is that a new jailbreak tweak called iSSLfix has just been released on Cydia that fixes the security vulnerability with certificate validation, thus bringing them on par with iOS 4.3.5.
Here’s a quick description of the fix from Cydia:
Fix for iOS SSL vulnerability CVE-2011-0228 for iOS < 4.3.5 + stoen Comodo certificates blacklist for iOS < 4.3.2
You can follow these instructions to install the iSSLfix on your jailbroken iOS device:
- Launch Cydia from your jailbroken iOS device homescreen.
- Tap on the Search tab and search for iSSLfix.
- Tap on iSSLfix from the search results and then tap on the ‘Install’ button.
- Then Tap on the ‘Confirm’ button to install the patch on your iOS device.
- After the patch is successfully installed, reboot your iOS device.
With this you have the best of both worlds, you have patched the vulnerability that is likely to be fixed by Apple in iOS 4.3.4 and you also get to keep your jailbreak.