Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Releases iOS 4.3.5 to Address Security Issue With Certificate Validation

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,108
38,862



ios_4_3_51.jpg

Only ten days after releasing iOS 4.3.4, Apple has just pushed out iOS 4.3.5 to address a security issue with certificate validation.
iOS 4.3.5 Software Update

Fixes a security vulnerability with certificate validation.
Click to expand...
The new version checks in as Build 8L1, and is for the GSM iPhone 4, iPhone 3GS, all iPads, and the third- and-fourth-generation iPod touch. A separate iOS 4.2.10 (Build 8E600) is available for the CDMA iPhone.

Direct download links:
- iPhone 4 GSM
- iPhone 4 CDMA (iOS 4.2.10)
- iPhone 3GS
- iPad 2 Wi-Fi
- iPad 2 GSM
- iPad 2 CDMA
- Original iPad
- iPod touch (fourth-generation)
- iPod touch (third-generation)

Update: Some users are reporting receiving errors when attempting to connect to Apple's servers for the update, but with repeated attempts it seems as though users are able to get through.

Update 2: Apple has now posted a support document describing the security issue patched in the update. The issue has been given an identifier of CVE-2011-0228.
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
Click to expand...

Article Link: Apple Releases iOS 4.3.5 to Address Security Issue With Certificate Validation
 
Article Link
https://www.macrumors.com/2011/07/25/apple-releases-ios-4-3-5-to-address-security-issue-with-certificate-validation/
Wirelessly posted (Mozilla/5.0 (iPod; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

That was fast.
 
Always good to see security updates.

Small aside, is anyone surprised Apple hasn't made the GSM and CDMA models on the same version number yet? I suppose they will with iOS 5.
 
i wish google/htc/at&t would do this for my android phone. i get constant security cert errors on it on legit websites
 
PeterM11 said:
Always good to see security updates.

Small aside, is anyone surprised Apple hasn't made the GSM and CDMA models on the same version number yet? I suppose they will with iOS 5.
Click to expand...

Not really, when iOS 4 first came out there was nothing concrete that there would be a non-GSM phone released.

With iOS 5, they could unify all requirements and needs, which may explain why there is 100mb+ jump from iOS 4 to iOS 5.
 
Does anybody go through the trouble to update to these pointless releases?
There hasn't been anything new since 4.3.0...
 
Link to IPSW?

Does anyone have a link to the iPhone 4 GSM ipsw? I need to help my brother out by downloading it for him because his Internet is SLOW.
 
I accidentally clicked the check for update button while syncing my iPhone. Good thing I'm in class right now and can utilize my campus' blazing fast WiFi. The whole thing downloads in less than 8 minutes.
 
wonder if it will allow people to upgrade to the iOS 5 beta as the previous one seemed to prevent it.
error 20 etc..
 
Why in the heck hasn't Apple merged the trees yet? Is it *that* hard?

Verizon users are kind of getting the short end of the stick and that annoys me.
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_4 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8K2 Safari/6533.18.5)

Aw man, I finally got around to updating to 4.3.4 last night. :p
 
iTunes is still reporting only 4.3.4 for my iPhone 3GS. I've tried a couple of times, but it hasn't reported 4.3.5 as being available to me yet.

Maybe I need to update to 4.3.4 first? That would be bizarre.

I'll wait a bit and see if this changes. If not, I'll update and then see if 4.3.5 pops up as being available.
 
zorinlynx said:
Why in the heck hasn't Apple merged the trees yet? Is it *that* hard?

Verizon users are kind of getting the short end of the stick and that annoys me.
Click to expand...

Might be licensing issues with Verizon and some of the features available in 4.3. I doubt it would just be out of laziness or technical complexity.
 
Now that I've delta updated to iOS 5 beta 4 over the air, these minor updates that require a huge download and an hour long restore process are completely laughable.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back