Die iOS Version 4.3.5 schließt demnach eine weitere Sicherheitslücke betreffend SSL/TSL-Verbindungen und wird wie immer allen Usern von iPhone, iPad, iPod empfohlen.
Hier das offizielle Support-Dokument seitens Apple:
iOS 4.3.5 Software Update
Data Security
Available for: iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 (GSM), iOS 3.1 through 4.3.4 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.4 for iPad
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
Keine Kommentare:
Kommentar veröffentlichen