Skip to main content

Jailbroken iPhones Get Unofficial SSL Patch

posted onAugust 18, 2011
by l33tdawg

An unofficial patch for a critical SSL vulnerability found in iOS has been released on Cydia, the app store used by people with jailbroken iDevices.

Called 'isslfix' the patch addresses CVE-2011-0228, a very serious vulnerability that compromises the confidentiality and security of SSL/TLS traffic.

The flaw stems from a failure to check the "Basic Constraints" value of digital certificates which defines if they belong to a Certificate Authority (CA) or a regular organization. This is important because CA certificates can be used to sign other certificates. By failing to check this, iOS validates any certificate, even if it is not signed by a trusted CA.

Source

Tags

iOS Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th