Apple Releases iOS 4.3.5 to Address Security Issue With Certificate Validation

Monday July 25, 2011 11:25 am PDT by Eric Slivka

Only ten days after releasing iOS 4.3.4, Apple has just pushed out iOS 4.3.5 to address a security issue with certificate validation.
iOS 4.3.5 Software Update

Fixes a security vulnerability with certificate validation.
The new version checks in as Build 8L1, and is for the GSM iPhone 4, iPhone 3GS, all iPads, and the third- and-fourth-generation iPod touch. A separate iOS 4.2.10 (Build 8E600) is available for the CDMA iPhone.

Direct download links:
- iPhone 4 GSM
- iPhone 4 CDMA (iOS 4.2.10)
- iPhone 3GS
- iPad 2 Wi-Fi
- iPad 2 GSM
- iPad 2 CDMA
- Original iPad
- iPod touch (fourth-generation)
- iPod touch (third-generation)

Update: Some users are reporting receiving errors when attempting to connect to Apple's servers for the update, but with repeated attempts it seems as though users are able to get through.

Update 2: Apple has now posted a support document describing the security issue patched in the update. The issue has been given an identifier of CVE-2011-0228.
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.


Related Roundups: iPod touch, iPad
Tags: iOS 4, iOS 4.3.5
Buyer's Guide: iPod Touch (Neutral), iPad (Buy Now)
[ 93 comments ]

Top Rated Comments

(View all)

Avatar
fishmoose
111 months ago

Does anybody go through the trouble to update to these pointless releases?
There hasn't been anything new since 4.3.0...


People who care about security do.
Rating: 19 Votes
Avatar
reclusive46
111 months ago
I can't wait till delta updates lol
Rating: 8 Votes
Avatar
Gemütlichkeit
111 months ago

Does anybody go through the trouble to update to these pointless releases?
There hasn't been anything new since 4.3.0...


takes 10 minutes to download and 5 minutes to update.

is that such a burden?
Rating: 7 Votes
Avatar
exiledzuko
111 months ago
came up as 666.6 mb download... careful! 666!
Rating: 6 Votes
Avatar
fishmoose
111 months ago

And then over an hour to resync all my stuff


Don't do a restore when updating then...
Rating: 4 Votes
Avatar
tethead
111 months ago
damn, wish all these point releases were coming in OTA instead... can't wait for iOS 5!!!
Rating: 3 Votes
Avatar
SnowLeopard2008
111 months ago
I accidentally clicked the check for update button while syncing my iPhone. Good thing I'm in class right now and can utilize my campus' blazing fast WiFi. The whole thing downloads in less than 8 minutes.
Rating: 3 Votes
Avatar
PeterM11
111 months ago
Always good to see security updates.

Small aside, is anyone surprised Apple hasn't made the GSM and CDMA models on the same version number yet? I suppose they will with iOS 5.
Rating: 3 Votes
Avatar
Menge
111 months ago

and yet verizon is still stuck on 4.2.7, wtf

4.2.10 is out for Verizon users as well. You are quite a lot behind.
Rating: 2 Votes
Avatar
jclardy
111 months ago
Can't wait for iOS5 and delta updates.
Rating: 2 Votes

[ Read All Comments ]