Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Tag: v1.0cydia
Fetching contributors…

Cannot retrieve contributors at this time

55 lines (31 sloc) 2.06 KB

iOS < 4.3.5 fix for SSL vulnerability (CVE-2011-0228)

Warning : backup your device before installing in case something goes wrong …

Deb package :

dpkg -i isslfix.deb
launchctl unload /System/Library/LaunchDaemons/
launchctl load /System/Library/LaunchDaemons/

Visit to check if this is working.

If you already visited this page without the fix applied, reload the page or clear Safari's cache.

You should see the "Cannot Verify Server Identity" popup, and this message in syslog :

<Warning>: iSSLFix: Certificate <1BDC0A9E-7FC6-4BA4-A9E5-41F206B82D81> in chain starting at <> has isCA=0 => possible MITM attempt, making validation fail

Because securityd is restarted, existing processes and daemons will lose their "connexion" to it and most calls to the Security framework (Keychain, cert validation, etc) will fail : iTunes wont be able to connect to the device, apps will be unable to access the keychain, etc. These issues should disappear after a device reboot.

If securityd crashed (check /Library/Logs/CrashReporter/), remove the package (dpkg -r isslfix) before rebooting.

Comodo stolen certificates blacklist

For devices with older firmwares, the blacklist added in iOS 4.3.2 is replicated (see blacklist.c).


Jump to Line
Something went wrong with that request. Please try again.