No ad to show here.

Apple bangs out another bug fix

Apple has released a security update for the iPad, iPhone and iPod Touch. The update is designed to fix a problem with certificates for encrypted sites that could allow an attacker to modify or intercept data. The bugfix is released as an update to iOS with version 4.3.5 – updates done via iTunes as usual.

This update comes just days after Apple released a patch for a PDF vulnerability.

No ad to show here.

The details from Apple are fairly opaque, but an analysis by Trustwave’s SpiderLabs suggests that a flaw in iOS does not check the validity chain of certificates, which potentially allows an attacker to use an existing valid certificate to sign a new one for any domain. This could enable a man-in-the-middle attack.

For you jailbreakerati, according to reports tools such as Redsn0w still work.

Have at it, you lot. You know what to do.

Details:

Models affected:
• iPhone 4 (GSM model)
• iPhone 3GS
• iPad and iPad 2
• iPod touch (3rd and 4th generation)

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.

No ad to show here.

More

News

Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.

Exit mobile version