Apple recently invalidated thousands of signing certificates owing to a major SSL bug. Here’s all you need to know about it and more.
SSL Certificate issue results in thousands of certificates being invalidated
On March 3, 2019, Apple determined that they were issuing TLS Server and S/MIME certificates with non-compliant serial numbers.
According to an Apple representative, Apple first became aware of the issue while reviewing an updated version of the CA (Certificate Authority) software used for issuing SSL certificates.
Since this incident was detected, more than 878,000 certificates have been affected, out of which Apple has already invalidated 355,000 certificates.
This causes new Mobile Provisioning files to not include application-identifier and keychain-access-groups entitlement entries.
This bug only affects tools that use a new profile each time they build or sign an app.
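To check whether a given profile is affected, the Python example below (added here, not part of the original article) pulls the XML plist out of a .mobileprovision file and reports which of the two entitlement keys named above are absent. It assumes the plist payload sits unencrypted inside the signed container and does not verify the signature; the sample profiles, team ID and bundle ID are constructed.

```python
import plistlib

# Entitlement keys the article says are missing from newly issued profiles.
REQUIRED_ENTITLEMENTS = ("application-identifier", "keychain-access-groups")


def extract_profile_plist(blob: bytes) -> dict:
    """Return the plist embedded in a .mobileprovision blob.

    Assumption: the profile is a signed container whose XML plist payload is
    stored in the clear, so it can be located by its markers. The signature
    is NOT verified; this is a diagnostic read only.
    """
    start = blob.find(b"<?xml")
    if start == -1:
        raise ValueError("no embedded XML plist found")
    end = blob.find(b"</plist>", start)
    if end == -1:
        raise ValueError("embedded plist is truncated")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def missing_entitlements(blob: bytes) -> list:
    """List the required entitlement keys that the profile does not carry."""
    entitlements = extract_profile_plist(blob).get("Entitlements")
    if not isinstance(entitlements, dict):
        return list(REQUIRED_ENTITLEMENTS)
    return [key for key in REQUIRED_ENTITLEMENTS if key not in entitlements]


def _wrap(payload: dict) -> bytes:
    # Constructed stand-in for the signed wrapper: opaque bytes around the plist.
    return b"\x30\x82\x1f\x00CONSTRUCTED" + plistlib.dumps(payload) + b"\x00SIGNATURE"


# Constructed sample profiles (team ID and bundle ID are made up).
GOOD_PROFILE = _wrap({"Name": "Constructed OK", "Entitlements": {
    "application-identifier": "TEAMID0000.com.example.app",
    "keychain-access-groups": ["TEAMID0000.*"],
    "get-task-allow": True}})
BROKEN_PROFILE = _wrap({"Name": "Constructed broken",
                        "Entitlements": {"get-task-allow": True}})

if __name__ == "__main__":
    for label, blob in (("good", GOOD_PROFILE), ("broken", BROKEN_PROFILE)):
        print(label, "missing:", missing_entitlements(blob))
```

To inspect a real profile, read the file in binary mode and pass its bytes to `missing_entitlements`.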
Which tools and certificates are affected?
Since both Xcode and Cydia Impactor rely on profiles, they can’t build or sign apps anymore using a free or paid developer certificate. The Xcode simulator, on the other hand, continues to work as expected.
Apple users are not alone, however. Users of Google, GoDaddy, Instagram, and Facebook (which is why it went down for maintenance yesterday) are affected as well.
Surprisingly, this bug doesn’t seem to affect enterprise-grade certificates.
This explains how users are still able to utilize signing services like Panda Helper that distribute jailbreak tools and hacked apps signed with an enterprise certificate.
When will Apple patch this bug?
Apple has stopped issuing signing certificates with non-compliant serial numbers and intends to roll out a patch soon.
Though some users have reported success with several Xcode tweaks, there’s no single solution that works for all users.
If you own a jailbroken device, there’s a pretty straightforward workaround to this bug.
Just go ahead and install the ReProvision signing tool, which works with both free and paid certificates. However, it will only work for apps or IPA files that were installed yesterday or before.
The Cydia Impactor signing utility will remain defunct for the time being. Thankfully, Saurik is in the know and will push a patch, if need be, once the dust settles.
So glad in a way this broke Impactor; now I’m using TNS and I can re-jailbreak anywhere. I just ran it in my doctor’s office lol. I used Impactor for years!
What is TNS?
What is TNS? I’m interested in knowing more myself.
G0blin is not a part of Ignition, and when I use Meridian or totallynotspyware (v10.3.2), I get messages prompting me that my device is already JB. So my options are to either re-JB with G0blin, or format and re-JB again. My device died so I lost the JB and g0blin isn’t on it anymore and my tweaks simply crash due to not being signed.
Any other suggestions? Otherwise I have to wait for Apple to fix this issue or Saurik updating Impactor so that I can use G0blin with Impactor again, or use another device and JB that from the online site Silzee and use Meridian JB until the signing problem is resolved. It’s stuff like this we need a full jailbreak.
Try using TutuApp or Panda Helper.
Tried to jailbreak (via Impactor 0.9.5.1 + yalu 10.2b7) my 6S with iOS 10.2 – there is an error:
Failed to verify code signature of /private/var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.HRTANC/extracted/Payload/yalu102.app : 0xe8008016
file: provision.cpp; line: 81; what:
The ‘Network Extensions’ feature is only available to users enrolled in Apple Developer Program. Please visit https://developer.apple.com/programs/ to enroll.
How can I improve it? Is it possible to make jailbreak (as I made it before)?
This error as of right now can’t be fixed if you are using Impactor. Please use Ignition or Panda Helper to install Yalu jailbreak.
I use g0blin, any recommendations since I can’t sign using Impactor at this time??
Yes, you can use Ignition right now.
G0blin is not a part of ignition. When I tried to rejailbreak with totallynotspyware.lol it tells me that my device was already JB with another tool. Though goblin doesn’t have an icon nor list on device management for me. So I need to rejailbreak with g0blin otherwise my only option is to reformat the device which I prefer not to do.
Is there an ETA of when Apple will fully restore the signing process? So I can use Impactor again?
:(. Any other ideas?
oh Thank You so Much man!