Apple fixes a security vulnerability in iOS

Apple released iOS 4.2.10/4.3.5 Software Update for iPhones, iPad and iPod touch as update through iTunes.

This update addresses a single vulnerability through which an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Apple describes in a knowledge base article, that the problem occurrs because of an issue in the certificate chain validation in handling the X.509 certificates. Using this vulnerability, an attacker could capture or modify data despite the fact that the session is protected by SSL/TLS.

Please note that this update is only available through iTunes, and will not appear in your computer’s Software Update application, or in the Apple Downloads site. To install the update, just connect your device and issues a manual update in iTunes.

 

Sorin Mustaca

Data Security Expert