According to the release notes, iOS 4.3.5 and iOS 4.2.10 includes the following changes:
Fixes a security vulnerability with certificate validation.
The support document provides more details about the vulnerability:
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
iOS 4.3.5 supports the following iOS devices:
iOS 4.2.10 supports:
If you don’t care about jailbreaking or unlocking your iPhone then you can update your iPhone with iOS 4.3.5 or iOS 4.2.10 via iTunes or using the direct download links:
- iPhone 4 GSM
- iPhone 4 CDMA
- iPhone 3GS
- iPad 2 Wi-Fi
- iPad 2 GSM
- iPad 2 CDMA
- iPad 1
- iPod touch (fourth-generation)
- iPod touch (third-generation)
MuscleNerd of the iPhone Dev team has warned jailbreakers and unlockers to stay away from iOS 4.3.5 and iOS 4.2.10, but you need to be aware that you’re exposed to the security vulnerability:
Jailbreakers please stay away from today’s iOS 4.3.5 update!
yeah stay away from that too…saying “4.3.5/4.2.10” felt like too many numbers for one tweet 🙂
As always, let us know how it goes and if you notice anything interesting in the comments.