Not even two weeks have passed since Apple issued a security fix for iOS devices and we're already being prompted to update our gadgets again. The latest software download, iOS 4.3.5, is a minor update which fixes yet another rather pesky security vulnerability.
While Apple's description of the security update is a bit vague — it simply explains that if you don't download iOS 4.3.5, "an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS" — the folks at Kaspersky Labs were able to clarify things a bit:
[T]he description implies that an attacker who has already compromised a machine on a given network and has the ability to see and identify SSL sessions might be able to decrypt the traffic and modify it. This kind of man-in-the-middle attack is quite common and would require the attacker to already have a foothold on the network in order to execute it.
In plainer words: Someone could intercept your web-surfing session and steal data — but only if he or she already has access to the network you're using.
You can get the update which will foil any plots to compromise your security in such a manner by plugging your iOS device into your computer and hitting the "check for updates" button in iTunes.
Do note that the 4.3.5 version is intended for the AT&T iPhone 4, the iPhone 3GS, the iPad 2, the iPad as well as third and fourth generation iPod Touch devices. Folks who own a Verizon iPhone 4 will find an update labeled 4.2.10instead — but it'll offer the same fix.
Related stories:
Rosa Golijan writes about tech here and there. She's obsessed with Twitter and loves to be liked on Facebook. Oh, and she can be found on Google+, too.
No comments:
Post a Comment