Getting real: Apple issues second iOS security patch in 10 days
Mobile security issues are no longer the next big thing. The threats are here, and vulnerabilities could be present in your pocket right now.
Apple has released the second security update to iOS 4.3 in just over a week. While the last update addressed a vulnerability to maliciously crafted PDF files, this update fixes a security issue with certificate validation.
According to Apple's support bulletin, this vulnerability is a certificate chain validation issue in the handling of X.509 certificates. Someone with an appropriate x.509 certificate could "capture or modify data" in sessions protected by SSL/TLS on iOS devices. Apple said other attacks involving X.509 certificate validation could also be possible through this vulnerability.
The patch can be applied to GSM iPhone 3GS, iPhone 4 and third generation or later iPod touches running iOS 3.1 through 4.3.4, and iPads running iOS 3.2 through 4.3.4.