Apple released iOS 4.3.5 today, purportedly to fix a potential security hole in the just-released iOS 4.3.4. Called the man-in-the-middle bug by security site Threatpost, the flaw might have allowed attackers to intercept data sent over SSL, the system for encrypting users’ confidential and identifying information.

The Apple advisory note about the latest update has the following to say:

“Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.”

Notice the wording, “privileged network position.” This means that any potential hacker would already need to be in a position to interact with network traffic and data, further narrowing the potential for an actual attack. Still, it’s nice to see Apple responding to such discoveries as they come to light and taking the security of our devices seriously, even this close to the planned release of iOS 5.
