
iOS 4.3.5 and 4.2.10 Fix SSL Vulnerability

Apple has released iOS 4.3.5 for the GSM iPhone 4 and 3GS, the iPad and iPad 2, and the 3rd and 4th generations of the iPod touch, along with iOS 4.2.10 for the CDMA iPhone 4. Both updates address a security vulnerability associated with the handling of X.509 certificates, which could enable an attacker with a privileged network position to capture or even modify data in sessions protected by SSL/TLS.

It’s interesting that this is the second small security update that Apple has released for iOS in the last 10 days (see “iOS 4.3.4 and 4.2.9 Fix PDF Vulnerability,” 15 July 2011), which implies the vulnerabilities have been quite serious, or at least well known.

The updates are available only via iTunes, and despite the minimal changes, they’re big, so allot plenty of time to download and install. To get the update, you may have to click the Check for Updates button in the Version section of the Summary pane of iTunes when your iOS device is connected, since it can take up to a week for iTunes to notice that there’s a new update (presumably Apple doesn’t see the need to check constantly given that iOS updates are unlikely to appear so frequently).

 
