Friday, 19 August 2011

iPhone3G SSL bug fix

If you've got an old iPhone 3G and you've heard about the SSL bug which Apple don't seem interested in fixing for older iPhones then here's a fix - though you've gotta be running a jail broken iPhone. This bug is a bit nasty as it means that you could potentially be misled into connecting to a site that you think is a trusted site (e.g. your bank) but in actual fact it is a scam site. This can occur due to the fact that the iPhone's SSL stack doesn't check any site's SSL certificate properly - and the certificate is normally the thing that tells you you're connected to who you think you are.

Apple have recently released a fix for newer iPhones/iPads in iOS 4.3.5, but if you've got an old iPhone3G then the latest version of iOS it can run is 4.2.1 so you're a bit stuck. So since Apple isn't bothering to provide any more updates you might as well bite the bullet and jail break your phone - then at least you can add some more features and updates. I found redsn0w 0.9.6rc18 to do the job quite well after many failed attempts with greenpois0n.

Once you have jailbroken your phone you need to run Cydia and search for iSSLfix and install it (as also explained here) - then you're covered.

[updated:17feb12: Corrected problem description]

No comments:

Post a Comment