Apple Releases iOS 4.3.5 to Resolve ‘Security Issue’

Update 1: Apple posts support document for iOS 4.3.5:

iOS 4.3.5 Software Update

  • Data Security

    Available for: iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 (GSM), iOS 3.1 through 4.3.4 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.4 for iPad

    Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

    Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.

    CVE-ID

    CVE-2011-0228 : Gregor Kopf of Recurity Labs on behalf of BSI, and Paul Kehrer of Trustwave’s SpiderLabs

Apple has just released iOS 4.3.5 to fix a security issue (as first noted by MacStories), and most likely a bunch of bug fixes as always. The change log reads:

Fixes a security vulnerability with certificate validation.

Download links below:

The update is available for the iPhone 4, iPhone 3GS, iPad, iPad 2, and 3rd and 4th gen iPod touch. If you’re on a jailbroken device using iOS 4.3.3, do not update as this will erase your jailbreak. iOS 4.3.4 was released only ten days ago.

P.S. - Like our news? Support the site with a coffee/beer. Or shop with our Amazon link. We use affiliate links when possible--thank you for supporting independent media.