14 DAY TRIAL // Apple has released security updates for its iOS mobile platform in order to address a serious SSL validation vulnerability which allows attackers to compromise secure communications.
The security flaw affects X.509 certificate chains and was patched by improving their validation in the newly released iOS 4.3.5 for iPhone (GSM), iPod touch and iPad, and iOS 4.2.10 for iPhone (CDMA).
"A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS," Apple writes in its advisory.
"Other attacks involving X.509 certificate validation may also be possible," the iDevice maker notes. The vendor credits Gregor Kopf of Recurity Labs and Paul Kehrer of Trustwave's SpiderLabs.
Due to the serious impact this vulnerability can have on privacy, users are encouraged to upgrade to the new iOS versions as soon as possible.
These updates come a week after Apple released iOS 4.3.4 and 4.2.9 to address several security vulnerabilities including one that was being exploited to jailbreak iDevices.
That vulnerability, discovered by Comex, the creator of the JailbreakMe.com remote jailbreak, has been nominated for this year's "Best Client-Side Bug" Pwnie award.
Users with jailbroken devices are still running iOS 4.3.3 and 4.2.8 and will remain vulnerable to the SSL man-in-the-middle attacks until hackers find a jailbreak method for the patched versions.
Because of this, these users are advised to only use trusted and secure wireless networks when connecting to the Internet and transmitting sensitive data over SSL.
The latest iOS version for iPhone and iPod touch can be downloaded from here. The latest iOS version for iPad can be downloaded from here.