Apple Releases iOS 4.3.5 to Resolve ‘Security Issue’

Update 1: Apple posts support document for iOS 4.3.5:

iOS 4.3.5 Software Update

• Data Security

  Available for: iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 (GSM), iOS 3.1 through 4.3.4 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.4 for iPad

  Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

  Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.

  CVE-ID

  CVE-2011-0228 : Gregor Kopf of Recurity Labs on behalf of BSI, and Paul Kehrer of Trustwave’s SpiderLabs

Apple has just released iOS 4.3.5 to fix a security issue (as first noted by MacStories), and most likely a bunch of bug fixes as always. The change log reads:

Fixes a security vulnerability with certificate validation.

• iPhone 4 (GSM)
• iPhone 3GS
• iPad (WiFi)
• iPad 2 (WiFi)
• iPad 2 3G (GSM)
• iPad 2 3G (Verizon)
• iPod touch 3rd Gen
• iPod touch 4th Gen

The update is available for the iPhone 4, iPhone 3GS, iPad, iPad 2, and 3rd and 4th gen iPod touch. If you’re on a jailbroken device using iOS 4.3.3, do not update as this will erase your jailbreak. iOS 4.3.4 was released only ten days ago.