Apple iOS 4.3.5 Released to Address Security Issue With Certificate Validation

Exactly ten days after the iOS 4.3.4 has been released, the Cupertino company has rolled out iOS 4.3.5 to address a security issue with certificate validation. Check out the direct download links for the iOS 4.3.5 software update, just after the break.

iOS 4.3.5 Software Update

Fixes a security vulnerability with certificate validation.

The new version checks in as Build 8L1, and is for the GSM iPhone 4, iPhone 3GS, all iPads, and the third- and-fourth-generation iPod touch. A separate iOS 4.2.10 (Build 8E600) is available for the CDMA iPhone.

Direct download links:
iPhone 4 GSM
iPhone 4 CDMA (iOS 4.2.10)
iPhone 3GS
iPad 2 Wi-Fi
iPad 2 GSM
iPad 2 CDMA
Original iPad
iPod touch (fourth-generation)
iPod touch (third-generation)

Update: Some users are reporting receiving errors when attempting to connect to Apple’s servers for the update, but with repeated attempts it seems as though users are able to get through.

Update 2: Apple has now posted a support document describing the security issue patched in the update. The issue has been given an identifier of CVE-2011-0228.

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.

Comments Closed

Comments are closed. You will not be able to post a comment in this post.