You guys remember how lame it was when Apple released iOS 4.3.4 a mere 10 days ago to squash the JailbreakMe.com exploit? Now those crazy cats are at it again with perhaps the fastest turnaround yet for a new mobile device update in the form of iOS 4.3.5.
Apple has released a new iOS 4.3.5 update on Monday, following close on the heels of iOS 4.3.4 released back on July 15. (How close? We haven’t even gotten around to installing iOS 4.3.4 on our iPhone 4 yet!) You may get some timeout errors while trying to download the update at this very moment, but keep trying and all will be well.
So what’s new and exciting in iOS 4.3.5? Um, sadly, not too much. The release notes only mention that the update “fixes a security vulnerability with certificate validation” -- and that’s it. Yeah, we know, not exactly the sexiest sounding update, but at least Apple wants us to be all snug and safe and secure, right?
iOS 4.3.5 carries a build number of 8L1, and there’s also a separate iOS 4.2.10 available for Verizon CDMA users -- yeah, no joke, Verizon customers are still stuck with iOS 4.2 for now. Sorry, guys and gals…
Update: Apple has now released a support document detailing the security patch in iOS 4.3.5:
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
Follow this article’s author, J.R. Bookwalter on Twitter
dbpunkrockfan
July 28, 2011 at 6:24pm
This is one of the reasons I will be glad when iOS 5 comes out. I can't wait to just click "update software" on my iPod and get a whole update without having to wait for iTunes to sync and load new content just to get a few security updates.
