Apple released iOS 4.3.5, which can be downloaded and installed using iTunes.
A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.
Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
This update is available for:
- iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 (GSM)
- iOS 3.1 through 4.3.4 for iPod touch (3rd generation) and later
- iOS 3.2 through 4.3.4 for iPad.