How to Fix SSL bug without upgrading to iOS 7.0.6 or iOS 6.1.6 [Updated]

sslpatch

Apple released iOS 6.1.6 and iOS 7.0,6  on Friday, which fixes a major SSL bug found in one of Apple’s SSL/TLS library that could let hackers intercept and modify your data on secure HTTPS sessions.

The bug appears to be due to a rather silly error where the portion of the code that verified the authenticity of the server was never reached.

There are conspiracy theories floating around about the bug being intentionally introduced by Apple, to give the NSA a way to tap into the data going through secure networks.

It has been strongly recommended that users upgrade to iOS 7.0.6 to fix the issue. However, if you’re a jailbreaker it would mean losing the jailbreak, and then re-jailbreaking and re-installing the tweaks all over again, which can be quite a painful and time consuming task.

We now have some good news. A Cydia developer has just released a jailbreak tweak that patches the SSL security bug in iOS 7.0.5 or lower, so you don’t have to upgrade to iOS 7.0.6. Update: Well-known Cydia developer, Ryan Petrich, has also released a tweak to fix the SSL bug.

Here’s how to install the patch to fix the SSL bug:

  • Launch Cydia
  • Tap on the manage button, followed by Edit in the top right corner.
  • Then tap on Add to add the repo, which includes the patch.
  • Here enter the following http://rpetri.ch/repo URL and click on Add Source button.
  • After the source has been successfully added click on the Return to Cydia button.
  • You should now see the Ryan’s repo in the list of sources.
  • Tap on it, scroll down, and tap on SSLPatch
  • Then tap on Install, followed by the Confirm button to install the patch.
  • Tap on Restart SpringBoard button when prompted.

That’s it. The SSL bug should now be fixed on your iOS device running iOS 7.0.5 or lower. A number of redditors have confirmed on this thread that the patch indeed works. Please note it supports iOS 6.x, iOS 7.x and 64-bit devices.

If you’ve problems following the guide then check out this video tutorial:

Please don’t forget to subscribe to our YouTube channel

Update 1:

Well-known Cydia developer, Ryan Petrich, has also released a tweak to fix the SSL bug, so the above guide has been updated accordingly.

Kudos to the developer linusyang, Ryan Petrich and the jailbreak community for coming out with the patch so quickly. You can find more details about the patch here.

Update 2:

If you want to find out if the patch has fixed the SSL bug, point your Safari browser to gotofail.com website. The website will let you know if your browser is still vulnerable or safe. If you get the Safe message then the bug has been patched successfully.

sslpatch

When you visit Gotofail.com before installing patch (left) and after installing SSLPatch (right)

Thanks Grayson and AdaWong2 for the tip!

As always, let me know how it goes.

Like this post? Share it!

  • JKC

    tanks Gautam :) I will take that, as a reply to my question on the other post about evasi0n7 ;D

  • 8lias

    I am assuming this one from Ryan Petrich is the same?

    [URL=http://s1069.photobucket.com/user/8lias/media/IMG_1710_zps8344aed0.png.html][IMG]http://i1069.photobucket.com/albums/u472/8lias/IMG_1710_zps8344aed0.png[/IMG][/URL]

    • Gautam

      Yeah, it is the same. I’ve updated the article with Ryan Petrich’s tweak as he a well-known and trusted Cydia developer.

    • Big Boss Moderator

      No NO , He’s a famous hacker , dont Download it Man !

  • JKC

    and i just have to say: Ryan Petrich was working on it since yesterday, and that tweak is opensource since that time….F…..ing stealers

    • Gautam

      Not sure if it was stolen or not.

      Anyways, since Ryan’s tweak is out too, we’ve updated the post with his as he is a well-known and trusted Cydia developer.

  • JKC
  • YC

    My version is 7.04, jailbroken when visiting gotofail.com seems safe. Does that mean that I am safe?

  • paul

    patched works thanks

  • Reggaegooner

    It’s on Big Boss now, no need to add additional repos

  • thekeeper99

    Installed OK from bigboss. Seems to fix it in Safari and other apps, but if you follow the links in the package description within Cydia, the 1266 test site shown within Cydia still is vulnerable. Is that because Cydia bypasses or does not use the dylib?

  • Sebastian Rasch

    Ah darn and I updated, jailbroke and re-downloaded all my Cydia apps and now this convenient trick comes along!

  • http://lasvegasworldnews.com/ Chellie Cervone

    Thanks just saw it on BB.It as not in RP repo.

  • Drew

    For Gautaum: Thanks for sending me here, but my phone is not Jailbroken, it was purchased unlocked from a Thailand Apple authorized reseller. I suppose I will have to jailbreak my phone to avoid upgrading this iPhone4 to iOS7? Ugh.

  • ryan

    downloaded this and now my phone is stuck in boot loop
    help

  • herbyman

    p0sixspwn patch for iOS6.1.6 out!! Thank you very much p0sixspwn.
    Make things easy for us, helps us surely a lot. You’re just amazing. All the best to you guys. Thanks.

  • Dwnrvrlivin

    Can you use the patch if your iPhone 4s is not jailbroken?

    • Dwnrvrlivin

      I don’t want to upgrade from 6 to 7 because of the huge amount of issues posted about 7 regarding iPhone 4s and iPads.

      • herbyman

        your 4S will be directed to iOS 7.0.6
        this patch is for Jailbroken iDevices only
        6.1.6 is particularly for 3GSs & iPods.

  • ng3010

    Thanks.. this worked for me

  • Tasso

    If I wanted to unjailbreak my phone after doing this tweak, could I? Or will it mess up my phone?

  • Jenn

    I am still using iOS 6.1.3 on my iPhone 4, without jailbreak. Apple insists I must go to iOS 7 in order to patch, but I don’t want to do it because I still use cabled video-out to my TV.

    Is there a way for me to path to 6.1.6 without jailbreaking? If so, does anyone know where I can find these instructions? Or, do I have to jailbreak?

    Thnaks

  • Nick Bro

    Next Show me how to fix springboard crash without upgrading to 7.1 k thanks

  • leart

    Is not working on my ip4 jb on 6.1.3 :(

  • Code

    is it normal that the gotofail.com website shows “Your browser is vulnerable….” msg even after installing the patch??

    • zefie

      Mine did this too, clear your safari cache (go to settings, safari, clear cookies and data) then try again. it showed safe after that.