F5.5G Leap-forward Development of Broadband in Africa The Africa Broadband Forum 2024 (BBAF 2024) was successfully held in Cape Town, South Africa recently, under…
Apple bangs out another bug fix
Apple has released a security update for the iPad, iPhone and iPod Touch. The update is designed to fix a problem with certificates for encrypted sites that could allow an attacker to modify or intercept data. The bugfix is released as an update to iOS with version 4.3.5 – updates done via iTunes as usual.
This update comes just days after Apple released a patch for a PDF vulnerability.
The details from Apple are fairly opaque, but an analysis by Trustwave’s SpiderLabs suggests that a flaw in iOS does not check the validity chain of certificates, which potentially allows an attacker to use an existing valid certificate to sign a new one for any domain. This could enable a man-in-the-middle attack.
For you jailbreakerati, according to reports tools such as Redsn0w still work.
Have at it, you lot. You know what to do.
Details:
Models affected:
• iPhone 4 (GSM model)
• iPhone 3GS
• iPad and iPad 2
• iPod touch (3rd and 4th generation)
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.