Apple released a mobile security update this week to fix a security issue with certificate validation.
According to Apple, a certificate chain validation issue existed in the handling of X.509 certificates and an attacker with a privileged network position could capture or modify data in sessions protected by SSL/TLS.
Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains in update iOS 4.3.5.
The new patch can be applied to the iPhone 3GS and iPhone 4, third generation or later iPod touches running iOS 3.1 to 4.3.4 and iPads running iOS 3.2 to 4.3.4.
Nicholas J. Percoco, senior vice president and head of Trustwave's SpiderLabs, praised Apple's security team for the ‘very rapid response to this issue', saying that this was related to his talk at the Def Con show in two weeks.