What’s new in iOS 4.3.5, 4.2.10

July 26, 2011

Though it’s all but certain the bad guys know about it, Apple is at least ahead of the media curve this around. A few weeks ago Cupertino papered over a PDF vulnerability and now they’re back to put a cork into another.

IOS 4.3.5 Software Update (GSM) and iOS 4.2.10 Software Update (CDMA) both come to market with one of Apple’s typical non-descriptions.

Fixes a security vulnerability with certificate validation.”

However digging a little deeper yields a patch for a specific vulnerability:

    • Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS 

      Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.

      See also: Mac OS X 10.6.8 Update: Apple has another go

The key words here are “privileged network position,” which roughly translates as “the bad has physical possession of the iPhone.” So, if they’ve got your device, they can do anything they want, but apply this patch anyway.

Like July 15’s iOS 4.3.4 and 4.2.9 Updates, which addressed the famed PDF attack vector, this one targets the same devices: iPhone 4 (GSM model), iPhone 3GS, iPad 2, iPad, iPod touch and iPod touch.

Be Sociable, Share!


Recent stories

Featured resources

Featured stories

RSS Technology news

RSS Windows news

RSS Mac news

RSS Mobile technology news

RSS Green tech

RSS Buying guides

RSS Gaming news

RSS Photography news

Archives

Copyright © 2014 Blorge.com NS