The bug appears to be due to a rather silly error where the portion of the code that verified the authenticity of the server was never reached.
There are conspiracy theories floating around about the bug being intentionally introduced by Apple, to give the NSA a way to tap into the data going through secure networks.
It has been strongly recommended that users upgrade to iOS 7.0.6 to fix the issue. However, if you’re a jailbreaker it would mean losing the jailbreak, and then re-jailbreaking and re-installing the tweaks all over again, which can be quite a painful and time consuming task.
We now have some good news. A Cydia developer has just released a jailbreak tweak that patches the SSL security bug in iOS 7.0.5 or lower, so you don’t have to upgrade to iOS 7.0.6. Update: Well-known Cydia developer, Ryan Petrich, has also released a tweak to fix the SSL bug.
Here’s how to install the patch to fix the SSL bug:
- Launch Cydia
- Tap on the manage button, followed by Edit in the top right corner.
- Then tap on Add to add the repo, which includes the patch.
- Here enter the following http://rpetri.ch/repo URL and click on Add Source button.
- After the source has been successfully added click on the Return to Cydia button.
- You should now see the Ryan’s repo in the list of sources.
- Tap on it, scroll down, and tap on SSLPatch
- Then tap on Install, followed by the Confirm button to install the patch.
- Tap on Restart SpringBoard button when prompted.
That’s it. The SSL bug should now be fixed on your iOS device running iOS 7.0.5 or lower. A number of redditors have confirmed on this thread that the patch indeed works. Please note it supports iOS 6.x, iOS 7.x and 64-bit devices.
If you’ve problems following the guide then check out this video tutorial:
Please don’t forget to subscribe to our YouTube channel
Well-known Cydia developer, Ryan Petrich, has also released a tweak to fix the SSL bug, so the above guide has been updated accordingly.
If you want to find out if the patch has fixed the SSL bug, point your Safari browser to gotofail.com website. The website will let you know if your browser is still vulnerable or safe. If you get the Safe message then the bug has been patched successfully.
Thanks Grayson and AdaWong2 for the tip!
As always, let me know how it goes.