Apple has released an update to its firmware for iPhone, iPod and iPad portable devices, iOS 4.3.5. The update appears to be a minor one that fixes a vulnerability. You should be able to plug your iPhone, iPad or iPod touch into iTunes now to obtain the update.
The update notice says that it “Fixes a security vulnerability with certificate validation.”
The Verizon version of the iPhone 4 has also been updated, but continues its firmware fork by moving to iOS 4.2.10. This fork is expected to merge with the main version of iOS with the release of iOS 5 this September.
Apple has provided further information about the vulnerability fixed on its support site:
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
Download links for iOS 4.3.5
- iPad (WiFi)
- iPad 2 (WiFi)
- iPad 2 3G (GSM)
- iPad 2 3G (Verizon)
- iPhone 3GS
- iPhone 4 (GSM)
- iPod touch 3rd Gen
- iPod touch 4th Gen
- iPhone 4 (Verizon, version 4.2.10)
This is a breaking story, we will be updating continuously. Please refresh.