Apple Releases iOS 4.3.5, iOS 4.2.10 to Fix Security Issue
Out of the blue, Apple has released iOS 4.3.5 and iOS 4.2.10. The new versions fix another security hole, and have been released only about a week after Apple patched other security holes with iOS 4.3.4 and 4.2.9.
iOS 4.3.5 is available for iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 (GSM), iOS 3.1 through 4.3.4 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.4 for iPad.
iOS 4.2.10 is available for iOS 4.2.5 through 4.2.9 for iPhone 4 (CDMA).
The new release fixes the following security issue (and Apple must be happy that, unlike the PDF issue fixed in the last release, it managed to fix this prior to the exploit being pointed out to it by an external source):
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
Just as with iOS 4.3.4 and iOS 4.2.9, if you are using the JailBreakMe jailbreak, don't install the update. If you already have, you can still jailbreak using redsn0w, but it's a tethered jailbreak (meaning you have to re-jailbreak every time the device reboots) and it won't work on iPad 2 (yet).
If you choose to update, to do so you simply plug your iDevice into you computer, start up iTunes, and if necessary open up your iDevice in the sidebar on the left and force it to check for an update.
iOS 4.3.5 is available for iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 (GSM), iOS 3.1 through 4.3.4 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.4 for iPad.
iOS 4.2.10 is available for iOS 4.2.5 through 4.2.9 for iPhone 4 (CDMA).
The new release fixes the following security issue (and Apple must be happy that, unlike the PDF issue fixed in the last release, it managed to fix this prior to the exploit being pointed out to it by an external source):
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
Just as with iOS 4.3.4 and iOS 4.2.9, if you are using the JailBreakMe jailbreak, don't install the update. If you already have, you can still jailbreak using redsn0w, but it's a tethered jailbreak (meaning you have to re-jailbreak every time the device reboots) and it won't work on iPad 2 (yet).
If you choose to update, to do so you simply plug your iDevice into you computer, start up iTunes, and if necessary open up your iDevice in the sidebar on the left and force it to check for an update.
