The iOS vulnerability for which Apple issued a security patch on July 25 is very severe, according to security experts who are warning iOS device users to apply that patch as soon as possible. The vulnerability lies in a failure to validate SSL certificates correctly. That lets hackers use a tool called "sslsniff" to take over victims' iOS devices by using fake certificates. Apple's patch is for iOS 3.0 through 4.3.4 for the iPhone 3GS and iPhone 4 GSM -- meaning the AT&T iPhone, iOS 3.1 through 4.3.4 for the third-gen iPod touch and later, and iOS 3.2 through 4.3.4 for the iPad.