iOS < 4.3.5 fix for SSL vulnerability (CVE-2011-0228)
Warning: back up your device before installing in case something goes wrong …
Deb package : https://github.com/downloads/jan0/isslfix/isslfix.deb
    dpkg -i isslfix.deb
    launchctl unload /System/Library/LaunchDaemons/com.apple.securityd.plist
    launchctl load /System/Library/LaunchDaemons/com.apple.securityd.plist
Visit https://issl.recurity.com to check if this is working.
If you already visited this page without the fix applied, reload the page or clear Safari's cache.
You should see the "Cannot Verify Server Identity" popup, and this message in syslog :
<Warning>: iSSLFix: Certificate <1BDC0A9E-7FC6-4BA4-A9E5-41F206B82D81> in chain starting at <issl.recurity.com> has isCA=0 => possible MITM attempt, making validation fail
Because securityd is restarted, existing processes and daemons will lose their connection to it, and most calls to the Security framework (Keychain, certificate validation, etc.) will fail: iTunes won't be able to connect to the device, apps will be unable to access the keychain, etc. These issues should disappear after a device reboot.
If securityd crashed (check /Library/Logs/CrashReporter/), remove the package (dpkg -r isslfix) before rebooting.
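The syslog message above reports a certificate with isCA=0 acting as an issuer inside the chain. The C example below is added here and is not code from isslfix: it shows that kind of basicConstraints check, extended to also enforce pathLenConstraint, using a hypothetical simplified `struct cert` and constructed sample chains.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical, simplified view of a parsed certificate (not isslfix's types). */
struct cert {
    const char *subject;
    bool is_ca;    /* basicConstraints cA flag; false if the extension is absent */
    int path_len;  /* pathLenConstraint, or -1 when not present */
};

/* chain[0] is the leaf, chain[n-1] the root. Returns -1 when every issuer is
 * allowed to sign, else the index of the first certificate that is not. */
int first_bad_issuer(const struct cert *chain, size_t n)
{
    for (size_t i = 1; i < n; i++) {
        size_t below = i - 1;  /* intermediates between chain[i] and the leaf */
        if (!chain[i].is_ca)
            return (int)i;     /* end-entity certificate used as an issuer */
        if (chain[i].path_len >= 0 && below > (size_t)chain[i].path_len)
            return (int)i;     /* more sub-CAs below than pathLenConstraint allows */
    }
    return -1;
}

/* Constructed sample chains; all names are placeholders. */
static const struct cert good_chain[] = {
    { "www.example.test", false, -1 },
    { "Example Issuing CA", true, 0 },
    { "Example Root CA", true, -1 },
};
static const struct cert leaf_as_issuer[] = {
    { "shop.example.test", false, -1 },
    { "other-site.example.test", false, -1 },  /* isCA=0 but signs the leaf */
    { "Example Issuing CA", true, 0 },
    { "Example Root CA", true, -1 },
};
static const struct cert too_deep[] = {
    { "www.example.test", false, -1 },
    { "Unexpected Sub CA", true, -1 },
    { "Example Issuing CA", true, 0 },         /* pathLen 0: no sub-CA allowed */
    { "Example Root CA", true, -1 },
};
int main(void)
{
    printf("good_chain:     %d\n", first_bad_issuer(good_chain, 3));
    printf("leaf_as_issuer: %d\n", first_bad_issuer(leaf_as_issuer, 4));
    printf("too_deep:       %d\n", first_bad_issuer(too_deep, 4));
    return 0;
}
```

A validator that skips this check accepts `leaf_as_issuer` because each signature in it verifies; only the cA flag distinguishes it from `good_chain`.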
Comodo stolen certificates blacklist
For devices with older firmware versions, the blacklist added in iOS 4.3.2 is replicated (see blacklist.c).