This update didn't take long, is just a few days after iOS 4.3.4 minor update was came out. It seems that Apple has not long discovered a problem in the certificate validation. Therefore, they quickly issued this security update.
In this newly update, Apple stated that attackers that having a privileged network position may capture or modify data in sessions protected by SSL/TLS. A certificate chain validation issue existed in the handling of X.509 certificates. Other possibility attacks involving X.509 certificate validation may also happen. This issue is addressed through improved validation of X.509 certificate chains.
Yes, it's just a simple update. So why Apple don't includes this minor update in the previous update of iOS 4.3.4? It's likely that at the time, Apple has not found this certificate vulnerability.
Same as the previous 4.3.4 version, for jailbreakers please stay away from this update, because if you have untethered jailbreak on device's iOS 4.3.3 or older, this update can't maintain the jailbroken state. It's currently not possible to doing untethered jailbreak for iOS version 4.3.5 or 4.3.4.
While no untethered jailbreak available for iOS 4.3.4/4.3.5, users can still performs a tethered jailbreak using latest version of Redsn0w. The way of this jailbreak much likely as to every version of iOS 4 before any untethered jailbreaks provided. However, the tethered jailbreak is unpractical, since they require the device to be plugged into a computer running Redsn0w or an others tool with same function every time iDevice restarted or lose it's power in order to boot into a jailbroken state. Note that this jailbreak method doesn’t work on the iPad 2.
We do not know the level of vulnerability of jailbroken iOS 4.3.3 if it is not updated to iOS version 4.3.5. When the PDF exploits vulnerability problem on jailbroken iOS 4.3.3 can be adressed with PDF Patcher 2 utility, rather than updating to iOS 4.3.4, the fixed certificate validation exploit maybe not yet has it's equivalence either from jailbreak experts or from Cydia store. So, every iOS 4.3.3 users (both jailbroken or not) must be careful for this issue.
For you that wanting this updates, it is available through iTunes desktop application, or you can also download the specific version for your device's iOS directly from the links at the bottom of this post.
Download directly iOS 4.3.5:
- iPhone 4 GSM,
- iPhone 4 CDMA,
- iPhone 3GS,
- iPod Touch 3rd generation,
- iPod Touch 3rd generation,
- For iPad 1,
- iPad 2,
- iPad 2.2,
- iPad 2.3.
0 comments:
Post a Comment