Apple releases iOS 4.3.5 to address certificate violation issue

Posted:
in iPhone edited January 2014
Apple on Monday released iOS 4.3.5 for the iPhone, iPad and iPod touch, addressing a security vulnerability related to certificate violation.



The update comes less than two weeks after iOS 4.3.4 was released. It is available for the GSM iPhone 4, iPhone 3GS, iPad 2, iPad, and third- and fourth-generation iPod touch.



Also released on Monday was iOS 4.2.10 for the CDMA iPhone, available on Verizon's network.



The previous iOS update was released on July 15. It patched a security hole related to viewing PDFs in the Mobile Safari Web browser, an exploit that had been utilized by hackers to "jailbreak" the iPhone and iPad.



Though security fixes have been issued, Apple is not expected to add any major new features to iOS 4. The company is focused on delivering the next-generation version of its mobile operating system, iOS 5, to users this fall.



iOS 5 is currently in beta and is being tested by developers who write software for iPhones and iPads. The fourth beta of iOS 5 was issued to developers last Friday.

Comments

  • Reply 1 of 17
    gustavgustav Posts: 827member
    Hey! No comments about how Apple is just doing it to cheat the jailbreak community out of their legal right to jailbreak their phones. I'm impressed.
  • Reply 2 of 17
    tallest skiltallest skil Posts: 43,388member
    Quote:
    Originally Posted by Gustav View Post


    Hey! No comments about how Apple is just doing it to cheat the jailbreak community out of their legal right to jailbreak their phones. I'm impressed.



    Thanks for inciting something that wasn't going to happen.



    All this is fluff before iOS 5, anyway. I'm sure plenty of "valid" users won't even upgrade.
  • Reply 3 of 17
    2oh12oh1 Posts: 503member
    Holy moly, this update is taking forever. I thought my iPhone 4 had crashed during the process of installing it, but finally, I see the progress bar moving.
  • Reply 4 of 17
    mrstepmrstep Posts: 513member
    Quote:
    Originally Posted by Gustav View Post


    Hey! No comments about how Apple is just doing it to cheat the jailbreak community out of their legal right to jailbreak their phones. I'm impressed.



    They only did this to prevent me from jailbreaking my phone - even though I don't jailbreak it to begin with!



    All better now, huh?
  • Reply 5 of 17
    wizard69wizard69 Posts: 13,377member
    Anybody with any sense will be updating ASAP. Honestly once an exploit is known in the wild you just asking for trouble to ignore an update.



    I see it as a very positive thing that Apple isn't shy about releasing security updates



    Quote:
    Originally Posted by Tallest Skil View Post


    Thanks for inciting something that wasn't going to happen.



    All this is fluff before iOS 5, anyway. I'm sure plenty of "valid" users won't even upgrade.



  • Reply 6 of 17
    mac.worldmac.world Posts: 340member
    Complete and utter scare tactic to prevent people from jailbreaking. Nothing more.
  • Reply 7 of 17
    curmudgeoncurmudgeon Posts: 483member
    Quote:
    Originally Posted by Gustav View Post


    Hey! No comments about how Apple is just doing it to cheat the jailbreak community out of their legal right to jailbreak their phones. I'm impressed.



    Legal perhaps. But not moral. The EULA stipulates against jailbreaking.
  • Reply 8 of 17
    auxioauxio Posts: 2,717member
    Quote:
    Originally Posted by Curmudgeon View Post


    Legal perhaps. But not moral. The EULA stipulates against jailbreaking.



    Morality?



    So if I create a product where the EULA stipulates that you're not allowed to eat meat while using my product, and you accept the EULA, that makes that activity immoral? If so, I think I just might start slipping such provisions into EULAs. Nobody besides lawyers reads those things anyways.
  • Reply 9 of 17
    noirdesirnoirdesir Posts: 1,027member
    Quote:
    Originally Posted by Gustav View Post


    Hey! No comments about how Apple is just doing it to cheat the jailbreak community out of their legal right to jailbreak their phones. I'm impressed.



    Yeah, Apple should show more fairness and give jealbreakers and malicious hackers also a chance, closing security holes so quickly is just not fair towards these two groups of people, they don't get a fair chance to do what they want to do.
  • Reply 10 of 17
    nobodyynobodyy Posts: 377member
    Quote:
    Originally Posted by noirdesir View Post


    Yeah, Apple should show more fairness and give jealbreakers and malicious hackers also a chance, closing security holes so quickly is just not fair towards these two groups of people, they don't get a fair chance to do what they want to do.



    Apple isn't legally obligated to leave holes open for people to jailbreak their phones. They wrote the OS and built the hardware, they can do whatever they want with it to keep it their product. Not to mention it was a security flaw.
  • Reply 11 of 17
    irnchrizirnchriz Posts: 1,616member
    Quote:
    Originally Posted by Mac.World View Post


    Complete and utter scare tactic to prevent people from jailbreaking. Nothing more.



    Your the kind of muppet that would post "epic fail, Apple leave glaring security hole open on the iPhone" if they didnt patch it.
  • Reply 12 of 17
    technotechno Posts: 737member
    Quote:
    Originally Posted by Nobodyy View Post


    Apple isn't legally obligated to leave holes open for people to jailbreak their phones. They wrote the OS and built the hardware, they can do whatever they want with it to keep it their product. Not to mention it was a security flaw.



    He was joking!
  • Reply 13 of 17
    .....
  • Reply 14 of 17
    Well, I just upgraded my iPhone 4 to 4.3.5, will do my iPad 2 tomorrow. As with all previous iOS upgrades, worked just fine and without any issues.



    I agree that most people should upgrade to this as quickly as possible. Surely, one of the reasons for Apple is to close another possible loophole for jailbreaking; I'm not interested in that - I did in the "original iPhone" days to get one working with my then non-supported German carrier through an unlock, which I don't need to do anymore - so I couldn't care less.



    What one should keep in mind for the sake of this discussion is a simple fact of life. Whatever allows someone to jailbreak their phone can also be exploited by malware, doing bad things to your data and your device. And one of the key reasons why iPhone, among the other mobile platforms, has seen the least amount of trouble with that kind of issue is clearly Apple's attention to those loopholes, their ability and willingness to fix them quickly and a really well-working upgrade process with a very good adoption rate.



    I for myself prefer to keep it that way, and with the current condition of the official app store and most software pricing, that's a very small price to pay for me to have such peace of mind.



    Fl.
  • Reply 15 of 17
    FYI, I used this exploit to painlessly jailbreak my iPad 2, then I immediately went to Cydia and installed the jailbreak friendly patch for said vulnerability, called "PDF Patcher 2." This exploit is not a hoax; it is a legitimate threat that the jailbreak community also felt obliged to fix in order to protect its users. Either jailbreak and patch, or update to iOS 4.3.5.
  • Reply 16 of 17
    Quote:
    Originally Posted by quaternio View Post


    FYI, I used this exploit to painlessly jailbreak my iPad 2, then I immediately went to Cydia and installed the jailbreak friendly patch for said vulnerability, called "PDF Patcher 2."



    FWIW, I think the PDF vulnerability was fixed with 4.3.4; this is something new related to some kind of certificate handling. It is not totally clear whether this can be used for jailbreaking and/or exploits, but in case of doubt, I'll trust Apple that it can be used to do something nasty. :-)
  • Reply 17 of 17
    Quote:
    Originally Posted by florianvk View Post


    FWIW, I think the PDF vulnerability was fixed with 4.3.4; this is something new related to some kind of certificate handling. It is not totally clear whether this can be used for jailbreaking and/or exploits, but in case of doubt, I'll trust Apple that it can be used to do something nasty. :-)



    Thanks for the heads up. Hopefully someone will/has post(ed) a patch for us folks.
Sign In or Register to comment.