Fix iOS 4.3.3 Vulnerability with isslfix

If you may recall, with the release of the long awaited JailbreakMe 3.0 for iOS 4.3.3, literally 10 days later Apple patched the clever PDF exploit in iOS 4.3.4. The security exploit could be triggered by viewing a maliciously crafted PDF file which may lead to an unexpected application termination or arbitrary code execution.

While the main reason Apple patched the exploit was to stop the use of JailbreakMe, it can also be a security concern. A few days later, Apple released another iOS software update, iOS 4.3.5. Apple released this update to patch the certificate validation vulnerability.

If you love customizing your iDevice to the fullest, you’ve probably already jailbroken, unless you didn’t update by accident or purchase your iDevice after Apple stopped signing iOS 4.3.3. Unfortunately, while not updating to the latest software may preserve your jailbreak, you may also be at risk from the same vulnerability…

[tube]http://www.youtube.com/watch?v=eoLkKr4FRng[/tube]

Thankfully, @Onaj has just released a package to patch the security vulnerabilities while preserving your jailbreak on iOS 4.3.3.

isslfix patches an SSL vulnerability known as CVE-2011-0228. The package is available for free in Cydia and will provide the same protection as if you were on iOS 4.3.5, just now you’ll still have an untethered jailbreak. The package is available under the BigBoss repo, so you won’t need to add any new repos. After you’ve installed isslfix, simply reboot your iPhone and voila!

While the chances of your iPhone actually coming across a malicious PDF are pretty slim, it’s better to be safe then sorry, right?

[ModMyi]