How to patch the iOS SSL bug without updating to iOS 7.0.6

By , Feb 23, 2014

SSLPatch

Renowned iOS developer Ryan Petrich has released a patch on his personal beta repo to fix the SSL issue present in iOS firmware below iOS 7.0.6. On Friday, Apple unexpectedly dropped the new iOS 7.0.6 firmware to fix the egregious security hole, which is detailed in this post.

Such a serious security flaw is bad for jailbreakers, because it means needing to update your device, and having to perform the jailbreak process all over again. Evasi0n7 1.0.6 was released to jailbreak iOS 7.0.6, but it’s still hassle to have to back everything up, restore to iOS 7.0.6, and re-jailbreak. Due to the serious nature of the security hole, we’ve been encouraging folks to update, which is understandably a huge hassle for many.

But Ryan Petrich has come through to save the day, releasing a fix for the SSL issue that allows users to remain on current firmware. Ryan’s SSLPatch release makes it so that you don’t have to immediately update to iOS 7.0.6 in order to protect yourself from the serious flaw. Check inside for more details.

To find SSLPatch, you’ll first need to add Ryan Petrich’s beta repo to your list of Cydia sources. His repo address is as follows:

http://rpetri.ch/repo/

Once you add the repo, search for SSLPatch. The SSLPatch page has a link to the analysis of the bug it fixes, along with a link to the code on GitHub if you’d like to inspect what it does.

SSLPatch 2

Install the SSLPatch tweak in order to be protected while running firmware lesser than iOS 7.0.6. In my opinion, this is more of a stopgap solution, and I still recommend eventually updating to iOS 7.0.6, but SSLPatch is a good way to protect yourself in the interim.

There are no options or settings to configure upon installation, just install it and go.

Ryan has always been one to look out for users, and we appreciate his contributions to the community. What about you?

  • Share:
  • Follow:
  • on3simpleclick

    Eh, I’ll just update. I’d rather be running the latest version of iOS.

    • workin

      patch is for >iOS 6. And up

      • Sleetui

        This works for iOS 6 as well?

      • Andy

        The SSL bug is only in iOS 6 and 7.

      • Sleetui

        The bugs in both iOS’s so meaning this tweak is available for iOS 6 as well as iOS 7?

      • Andy

        Yes, it’s for both versions

    • Pwill

      update and get bricked :p

  • Lance Baker

    Stupid me decided to downgrade from 7.1 Beta 3 to 7.0.6 on my iPad today. Now this fix is released and I can’t go back to the beta which is incredibly awesome and stable. Thank Bob my phone is still on Beta 3.

    • LAGISSUEZ

      Just curious, what’s better about 7.1?

      • Svs

        Its like heaven and earth in terms of performance

      • Kenrick Fernandes

        What do you mean?? Can you expand a bit?

      • Svs

        Well performance in iOS 7.1 beta is hugely improved but i guess calling it heaven and earth is kind of exegerating

      • Dan

        if it resolves apps crashing, I’m in.

      • Svs

        Yes it does but ios 7.1 beta 4 and above cant be jailbroken and ios 7.1 beta 3 and below has expired

      • ɑղժɾҽա

        Improved animation speeds, new male/female siri voices for other languages. The male and female UK voices are very nice. New UI elements.

      • LAGISSUEZ

        Thanks. Worth losing jb over?

      • ɑղժɾҽա

        No, not really, but I’m jailbroken on iOS 7.1 beta 3, so I get the best of both worlds. :)

      • Lance Baker

        It’s super stable. Gone are many annoying bugs and the little tweaks to the overall appearance are quite welcome. It’s also just super fast and just feels more complete. You’d have to use it.

      • LAGISSUEZ

        Boy I sure hope they jb that one then too.

  • Chris Holden

    Mr. Ryan Petrich is a legend

  • Cesar D

    I was just waiting for this.

  • Anderson Silva

    How about OS X? Is there any solution, patch or something like this to get rid of this flaw? (For now)

    • Garrett

      Use a 3rd party browser for your web stuff – Chrome or Firefox. The update for OS X in general should be very coming soon :)

      • Anderson Silva

        It’s not just the Web Browser. THink about Mail, iMessage, iTunes Store, etc….

      • Garrett

        Correct, but there isn’t much you can really do to protect yourself other than using applications that do not utilize the code that creates this flaw. For web browsing that would be a third-party solution :)

    • Jonathan

      gotofail . com has a link that leads to a 3rd party party patch for OS X. I haven’t tried it, so use at your own risk.

      • Marcus

        Eh I used to trust i0n1c but I don’t really anymore.

      • Anderson Silva

        Git it, but I didn’t figure out how to make this patch works (yet). Any idea?

      • Jonathan

        Nope, I’m not that smart in that field. I’ve just started in programming. :P

  • Dallas Groot

    .

  • oioile

    omg, I have just upgraded to 7.0.6 and finished all the restore-jailbreak process right before I saw this!!

    • sorrento

      Me too… LOL !
      Whatever, at least we got the latest firmware :))

    • Kenrick Fernandes

      did you backup and restore ? Why restore.. I have read everywhere that restoring from a previous backup is plain bad and carries all your previous junk from the last back up to the fresh OS.

      • Niclas

        That is if you have issues with the device. If not, there is no problem restoring from a backup.

    • Dan

      same here >.<

  • Mescudi

    This guy…..Does he ever do anything bad?
    guy is plain awesome.

  • Help

    Does anyone know if a tweak exists that lets you individually force an app to always be in a specific orientation?

  • filter351

    Wow, glad that I waited.

  • solidsephiroth

    Too late. But thanks for the tweak, anyway.

  • Alberto Espinal

    My respect goes to this kid #RyanPetrich

  • Jeremy

    Woooowwwwwwww, would have been freakin wonderful to know this earlier in the day BEFORE I restored an iPad and 3 iPhones AND rejailbreak them all over again. -__-

    • http://sciencedem.blogspot.com editor

      LOL you’re not alone in that sentiment….

  • SimonReidy

    Sweet. Thanks for your excellent work Ryan. I really couldn’t be bothered going through the backup/restore/re-jaibreak experience again so soon. I’ve spent ages getting my iPhone 5 and iPad Air exactly how I want them, so I’m sticking to 7.04 for now.

  • Matt

    How come after I apply the patch, and reboot even, the test link in the ImperialViolet analysis that the tweak links to says I’m still affected?

  • Sam Khan

    after jailbreaking on iOS 7.0.6 i can’t do wifi sync with iTunes. anyone having the same issue?

    • http://sciencedem.blogspot.com editor

      only with my iPad Air. But no issue with my updated phone. The Air won’t WIFI mount in iTunes.

      • Sam Khan

        my all devices have this problem

  • gittlopctbi

    This came a little late for me, but at least I’m on the latest OS. The other bonus is that from this experience, I discovered (thanks to some tips) OpenBackup, which is free and works really, really slick to restore all your apps and tweaks and their settings. Was worth the price of admission!

    • Kenrick Fernandes

      how did this work for you. i installed openbackup when i was on 7.04 and then i clicked on backup. It said it was successful. However after upgrading to 7.06 and then jailbreaking and finally installing openbackup again… i clicked on restore but none of the tweaks were restored. Did you follow the same process.

      • Ansar Arif

        It’s always best to manually copy the OpenBackup folder to your computer and put it back after restore/update just to make sure and sometimes it won’t install the first time so doing it twice doesn’t hurt.

      • gittlopctbi

        As for me it worked like magic. But if you’re having problems, Ansar’s reply seems like sound advice.

  • Svs

    So glad that i have rpetrich repo and didn’t update my ipad 3 to 7.0.6 from 6.1.3 and ipad air from 7.1 beta 3

  • AmP77

    I updated to 7.0.6 already and now my mail & safari apps are not working. After launching they just crash!! Any1 else experiencing this???

  • GorGorWoeWoe

    So now that I’ve got the patch… Should I upgrade from 7.0.4 to 7.0.6? I mean other than a few small patches, what else do you get?

  • chookie.06

    i love you Ryan. you saved this girl from redoing everything i have already done :)

  • Kenrick Fernandes

    I would like to ask the good people here.. what exactly do they do when they have to go through the whole process of re-jailbreaking? For me i backup my phone(just in case) – then restore – and then use it as a new iPhone & of ofcorse jailbreak.. But i have seen alot of people here who backup – restore – and then restore from previous backup – and then rejailbreak. Is this even good?

    • Chris

      It’s perfectly fine, as long as you restore iOS instead of upgrading the previous jailbreak is deleted from the file system, restoring your system data doesn’t restore any jailbreak data with it so it’s perfectly safe to jailbreak again afterwards.

      If you need to backup your Cydia settings I used PKGBackup which is $9-10 but it does an awesome job of keeping all your Cydia settings the same as you left them.

      • Niclas

        Actually it does restore “jailbreak data” to some extent, but as long as you don’t have any issues with your device, it’s fine.

      • Chris

        Jailbreak data would be defined as core jailbreak files such as Cydia for example, things like plist files are automatically backed up but they are app data files so they play no key role in the jailbreak itself

      • Niclas

        Core jailbreak data as in dylibs, payloads, patches etc. are generally not carried on. All files in specified folders are carried on (no matter of filetype).

      • diggitydang

        On previous OS’s (ie <iOS7), I used to do a fresh restore when upgrading and it would ALWAYS reset my JB settings. I'd have to re-add my sources and tweaks and it would suck – all that re-springing in a row!! This time, I used aptbackup and then used "Update" in iTunes (not restore). It worked great, and when I went to re-JB, got a warning that it was already jailbroken. I did it anyway (since I can always restore if it went wrong) and it jailbroke fine. Used aptbackup to bring all my tweaks back and had a productive day doing other things!! :). Everything is working great right now!!

        Good luck!

      • diggitydang

        WTF happened to my comment? Ah well, can’t retype it all. In a gist, I basically said that I updated in iTunes (not Restore) and it worked/works great. Used aptbackup to bring all my tweaks back. It worked great. I’ve restored in the past and it always removed my JB data, and I’d have to add back sources and tweaks – a huge pain in the ass.

        Anyway, good luck. Weird that my above comment did that. I swear I don’t normally write that way!!! :P

      • gittlopctbi

        This is epic.

      • http://www.bearsstillsuck.com/ Simon

        Complete garbage I swear. I’ve been using it for 3 different iOS and swear it has only worked right for me one damn restore. Of course it didn’t work yesterday and I got to waste most of my day reinstalling everything. I wish he’d ever update his damn app, especially for what he charges for it.

  • Chris

    While the patch may work it’s only applying a secondary SSL library ahead of Apple’s built in SSL security, upgrading as Jeff said would be highly recommended

  • Niclas

    Remember people! This does NOT secure your devices in Safe Mode!!!
    You should add this in the article Jeff!

  • LeMerlot

    Ryan Petrich is my super heroe! Seriously, he saved me (and us) so much time, where Apple failed…

  • AmP77

    This is why R Petrich is very much revered in the JB community. Hats off to u esquire. Is any1 experiencing problems with mail or safari app after updating to 7.0.6?????ANYONE?????ANYONE?

    • diggitydang

      Everything seems fine on 7.0.6, but I love that Petrich came out with this!!

      I love iOS, but it ain’t perfect. I have such appreciation for the jailbreak developers like Petrich (and Saurik, Evad3rs and all those like them) who close the gap on where iOS falls a bit short.

  • Cool

    I hope it works with iOS 6.

  • Froo

    Ryan’s stuf is really great

  • Beta382

    Please add to the post that THIS DOES NOT PROTECT YOU WHEN YOU ARE IN SAFE MODE. If you are in Safe Mode or No-Substrate mode, this will not work, because it is a substrate patch. This should only be used as a stopgap for those that aren’t currently able to update to the latest version of iOS. All users should update if they value their security.

  • Chetan

    Updated to v1.0 n available on big boss repo..

  • Leviscus Tempris

    Anyone else know of good things to download for safety on ios 7.x?

  • Chuck Finley

    I’m just curious, how do you see this as a stopgap solution?

    If it’s patched the SSL problem, how can it be undone?

  • Steve Jobs

    Ryan is the no.1 developer out there!!!!

  • Sarah Strauss

    So, I do not have a jailbreak situation, just never upgraded my iPhone4 from iOS 5.1 because I was out of the country and not using it, then heard bad things about slow going for IPhone 4 upgrades, same story for my IPad mini 2, running 6.0.1–but my question is, what to do now? will this patch work if I don’t have a jailbreak, just old OS? And if I do upgrade, I am hearing bad stories about bricking up, and the problem of everything running slow or simply not working seems high. Stuck?! Thanks for your help.

    • Fadhlan

      This patch only working for jailbroken phone. If you’re not jailbroken, you need to update it to the latest firmware provided by Apple.

  • Schryliam

    Just out of curiousity, but what exactly does this fix?
    ssl doesn’t say me much

  • JMoVS

    so how (and did you) update mobile substrate on iOS 6 to 0.9.5x?

    • http://philippe97.ca/ Philippe97

      When I updated it a little while ago, it just worked as usual……

      (if I remember correctly, Cydia Substrate works on 2.0 – 7.0)

      • JMoVS

        Problem is: A friend runs iOS 6 on his iPhone 4 and doesn’T want to update but he can’t make the jump from “mobile substrate” to “cydia substrate”