Apple has released security updates for iOS to fix a problem with certificate validation:
A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
The updates, iOS 4.3.5 for the iPhone (GSM), iPod touch and iPad, and iOS 4.2.10 for the CDMA (Verizon) iPhone, are available via iTunes. More information about the update is available here for iOS 4.3.5 and here for iOS 4.2.10.
Leave a reply