Apple Releases iOS 4.3.5 For iPhone, iPad, iPod Touch & iOS 4.2.10 For Verizon iPhone To Fix Security Vulnerability [Updated]


iOS 4.3.5

Apple has just released iOS 4.3.5 for iPhone, iPad and iPod Touch and iOS 4.2.10 for Verizon iPhone to fix a security vulnerability with certificate validation.

The release of iOS software update comes as a surprise as Apple had released iOS 4.3.4 and iOS 4.2.9 just 10 days back to fix the vulnerability that was used by Comex in JailbreakMe 3.0.

According to the release notes, iOS 4.3.5 and iOS 4.2.10 includes the following changes:

Fixes a security vulnerability with certificate validation.

The support document provides more details about the vulnerability:

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.

iOS 4.3.5 supports the following iOS devices:

iOS 4.2.10 supports:

If you don’t care about jailbreaking or unlocking your iPhone then you can update your iPhone with iOS 4.3.5 or iOS 4.2.10 via iTunes or using the direct download links:

Update:

MuscleNerd of the iPhone Dev team has warned jailbreakers and unlockers to stay away from iOS 4.3.5 and iOS 4.2.10, but you need to be aware that you’re exposed to the security vulnerability:

Jailbreakers please stay away from today’s iOS 4.3.5 update!

yeah stay away from that too…saying “4.3.5/4.2.10” felt like too many numbers for one tweet 🙂

As always, let us know how it goes and if you notice anything interesting in the comments.