Apple Releases iOS 4.3.5 For iPhone, iPad, iPod Touch & iOS 4.2.10 For Verizon iPhone To Fix Security Vulnerability [Updated]

iOS 4.3.5

Apple has just released iOS 4.3.5 for iPhone, iPad and iPod Touch and iOS 4.2.10 for Verizon iPhone to fix a security vulnerability with certificate validation.

The release of iOS software update comes as a surprise as Apple had released iOS 4.3.4 and iOS 4.2.9 just 10 days back to fix the vulnerability that was used by Comex in JailbreakMe 3.0.

According to the release notes, iOS 4.3.5 and iOS 4.2.10 includes the following changes:

Fixes a security vulnerability with certificate validation.

The support document provides more details about the vulnerability:

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.

iOS 4.3.5 supports the following iOS devices:

iOS 4.2.10 supports:

If you don’t care about jailbreaking or unlocking your iPhone then you can update your iPhone with iOS 4.3.5 or iOS 4.2.10 via iTunes or using the direct download links:

Update:

MuscleNerd of the iPhone Dev team has warned jailbreakers and unlockers to stay away from iOS 4.3.5 and iOS 4.2.10, but you need to be aware that you’re exposed to the security vulnerability:

Jailbreakers please stay away from today’s iOS 4.3.5 update!

yeah stay away from that too…saying “4.3.5/4.2.10″ felt like too many numbers for one tweet :)

As always, let us know how it goes and if you notice anything interesting in the comments.

  • http://www.stackfile.com naveed

    Redsn0w Can Jailbreak iOS 4.3.5 On iPhone 4, 3GS, iPad, iPod touch..Tethered ONLY

    MuscleNerd of iPhone Dev Team:

    @zaone @m1ckey29 ah ok thanks for checking!

    “So those who really do want tethered 4.3.5 can use redsn0w pointed at 4.3.4 (except iPad2).

  • Lee

    Are the ppl on 4.3.3 and have already installed PDf patched from cydia safe from security vulNerabilty ? Very confusing Muslenerd post or the Dev team post

  • Cooper

    I don’t have a jb phone but I’m not going to bother with this update. What’s the point? I’ll wait for iOS5.

  • Matt

    Damn it Apple, just get Verizon and AT&T on the same firmware number. 4.2.10 is a bit much.

  • http://www.motorbeam.com/ fas

    Its not available in India yet. It says 4.3.4

  • http://www.spotlightofpeace.com/techarea peace

    Apple has now become Newsweek with an update after the other. They need to shake themselves up and alas no Jailbreak for iPad2.

  • Giancarlo

    I believe this new update is necessary if not my iphone 4 doesnt do a back up when i plug it in…. any comments?

  • crsmejia

    There are two vulnerabilities, first one is the PDF exploit that Jailbreakme.com 3.0 uses. The second one is a new one that is very critical, it’s a certificate verification bypass. So if you don’t mind jailbreaking your iphone tethered then do so and update using TinyUmbrella, but if you like your unlock then stay away, but the caveat is that you will be exposed to the vulnerability.