iOS < 4.3.5 fix for SSL vulnerability (CVE-2011-0228)
=====================================================

Visit https://issl.recurity.com to check if this is working.

If you already visited this page without the fix applied, reload the page or clear Safari's cache.

You should see the "Cannot Verify Server Identity" popup, and this message in syslog:

```
<Warning>: iSSLFix: Certificate <1BDC0A9E-7FC6-4BA4-A9E5-41F206B82D81> in chain starting at <issl.recurity.com> has isCA=0 => possible MITM attempt, making validation fail
```
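To watch for this warning in a captured syslog, the following added example (not part of the isslfix project) parses the message format quoted above and separates rejections for the test page from rejections for any other host. The syslog prefixes, the all-zero certificate id and `mail.example.test` are constructed sample values.

```python
import re

# Message format quoted in this README; the syslog prefix before "iSSLFix:"
# varies by device and process, so the pattern is not anchored to line start.
ISSLFIX_RE = re.compile(
    r"iSSLFix: Certificate <(?P<cert>[^>]+)> in chain starting at "
    r"<(?P<host>[^>]+)> has isCA=0"
)
TEST_HOST = "issl.recurity.com"  # check page named in this README

def summarize(lines):
    """Return {host: {"count", "certs", "expected"}} for iSSLFix rejections."""
    raw = {}
    for line in lines:
        m = ISSLFIX_RE.search(line)
        if not m:
            continue
        entry = raw.setdefault(m.group("host"), {"count": 0, "certs": set()})
        entry["count"] += 1
        entry["certs"].add(m.group("cert"))
    return {
        host: {"count": e["count"], "certs": sorted(e["certs"]),
               "expected": host == TEST_HOST}
        for host, e in raw.items()
    }

def unexpected_hosts(lines):
    """Hosts other than the test page whose chain was rejected."""
    return sorted(h for h, e in summarize(lines).items() if not e["expected"])

# Constructed sample input: timestamps, process names, the all-zero
# certificate id and mail.example.test are made up for this example.
_MSG = ("<Warning>: iSSLFix: Certificate <{cert}> in chain starting at <{host}> "
        "has isCA=0 => possible MITM attempt, making validation fail")
SAMPLE_SYSLOG = [
    "Aug  1 10:02:11 iPhone securityd[31] " + _MSG.format(
        cert="1BDC0A9E-7FC6-4BA4-A9E5-41F206B82D81", host=TEST_HOST),
    "Aug  1 10:02:12 iPhone MobileSafari[112] <Notice>: page load finished",
    "Aug  1 10:05:40 iPhone securityd[31] " + _MSG.format(
        cert="1BDC0A9E-7FC6-4BA4-A9E5-41F206B82D81", host=TEST_HOST),
    "Aug  1 10:09:03 iPhone securityd[31] " + _MSG.format(
        cert="00000000-0000-0000-0000-000000000000", host="mail.example.test"),
]

if __name__ == "__main__":
    for host, e in summarize(SAMPLE_SYSLOG).items():
        tag = "expected (test page)" if e["expected"] else "INVESTIGATE"
        print(f"{host}: {e['count']} rejection(s), certs={e['certs']} [{tag}]")
```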
Because securityd is restarted, existing processes and daemons will lose their "connection" to it, and most calls to the Security framework (Keychain, cert validation, etc.) will fail. These issues should disappear after a device reboot.

If for some reason securityd crashes, do not reboot, and remove the package (dpkg -r isslfix).

Deb package: https://github.com/downloads/jan0/isslfix/isslfix-test3.deb

References
==========

http://support.apple.com/kb/HT4824
http://blog.recurity-labs.com/archives/2011/07/26/cve-2011-0228_ios_certificate_chain_validation_issue_in_handling_of_x_509_certificates/
http://blog.spiderlabs.com/2011/07/twsl2011-007-ios-ssl-implementation-does-not-validate-certificate-chain.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0228