iOS 4.3.5 and iOS 4.2.10 Released To Address Security Vulnerabilities

This is just one week after 4.3.4 was released to to plug the JailbreakMe.com PDF exploit.

Apple simply says the update “fixes a security vulnerability with certificate validation.”

Update: Apple has now posted a document outlining the security fix in this release. They code the issue as “CVE-2011-0228″

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.

You can download it via iTunes with your iDevice plugged in, or just grab the ipsw files from the direct links below. The build number of iOS 4.3.5 is 8L1 and the build for 4.2.10 (CDMA) is 8E600

Direct Links:

You can leave a response, or trackback from your own site.
Powered by WordPress | Drink On

Warning: Parameter 1 to W3_Plugin_TotalCache::ob_callback() expected to be a reference, value given in /homepages/5/d663847416/htdocs/wp-includes/functions.php on line 2981