Jul 28, 2011 08:25 GMT

A number of high-profile security researchers have gone on record to warn that Apple customers who own a new-generation iPhone may want to postpone any mobile transactions, or other activities that involve sending sensitive data over wireless networks, until they have updated to the latest version of iOS.

Chester Wisniewski, a senior security advisor at Sophos Canada, said "it is clearly critical that all users update as soon as possible, unless they only use their device for telephone calls."

"This patch should be applied immediately if you log in to any service on your device, especially things like your bank or PayPal. Users are particularly vulnerable to this attack if they frequently use public/open Wi-Fi," he wrote in a blog post.

Discovered by Paul Kehrer and Gregor Kopf of Recurity Labs while conducting research for the German Federal Office for Information Security (BSI), the flaw stems from a failure to check a digital certificate's "Basic Constraints" when verifying the certificate's origin, according to Kopf.
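The missing check described above, as an added example (not code from Recurity Labs, Apple or the original article): a simplified Python model of certificate path validation showing a chain that passes when Basic Constraints are ignored and is rejected when they are enforced. The `Cert` class, the certificate names and both chains are constructed for illustration, and signature and validity-period checks are assumed to have passed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    """Simplified model of an X.509 certificate (constructed, not parsed DER)."""
    subject: str
    issuer: str
    is_ca: bool = False              # basicConstraints cA flag; absent means False
    path_len: Optional[int] = None   # basicConstraints pathLenConstraint

def name_chain_ok(chain, trusted_roots):
    """Name chaining only: each cert's issuer must match the next cert's subject.
    Signature and validity checks are assumed to have passed already."""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1].subject in trusted_roots

def basic_constraints_ok(chain):
    """Every certificate that issued another one must be marked as a CA."""
    for depth, issuer in enumerate(chain[1:]):
        if not issuer.is_ca:
            return False
        # depth = number of intermediate certs between this issuer and the leaf
        if issuer.path_len is not None and depth > issuer.path_len:
            return False
    return True

def validate(chain, trusted_roots, check_basic_constraints=True):
    """Chain is ordered leaf first, root last."""
    if not name_chain_ok(chain, trusted_roots):
        return False
    return basic_constraints_ok(chain) if check_basic_constraints else True

# Constructed sample certificates
root = Cert("Example Root CA", "Example Root CA", is_ca=True)
inter = Cert("Example Issuing CA", "Example Root CA", is_ca=True, path_len=0)
site = Cert("www.example.com", "Example Issuing CA")
other_site = Cert("other.example.net", "Example Issuing CA")  # end-entity, not a CA
signed_by_leaf = Cert("www.example.com", "other.example.net")
GOOD_CHAIN = [site, inter, root]
BAD_CHAIN = [signed_by_leaf, other_site, inter, root]
ROOTS = {"Example Root CA"}

if __name__ == "__main__":
    print("good chain, check on: ", validate(GOOD_CHAIN, ROOTS))
    print("bad chain, check off:", validate(BAD_CHAIN, ROOTS, False))
    print("bad chain, check on: ", validate(BAD_CHAIN, ROOTS))
```
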

InformationWeek reports that iOS customers who believe they may be vulnerable can visit a test website created by Recurity Labs.

According to Kopf, "if the Safari browser on your iDevice allows you to visit this site without issuing a warning, your device is vulnerable."

The only available patches are iOS 4.3.5 for GSM devices and iOS 4.2.10 for devices using Verizon’s CDMA airwaves.

Apple does explain that said software updates are necessary to patch this flaw, but does little to actually warn users of the repercussions if they postpone the update, according to Andrew Storms, director of security operations for automated security and compliance provider nCircle.

Security researchers thus concluded that this particular iOS bug is worse than Apple’s security bulletin would have them believe.

It is also being reported that older iOS devices that are only capable of running iOS versions lower than 4.0 remain affected.

"If you are using an iPod Touch generation one or two, or an iPhone older than the 3GS, you will be perpetually vulnerable," said Wisniewski. "Owners of these devices should not use them for any purpose for which security or privacy is required."