Security Wonks Urge iPhoners to Patch 'Em Up

Started by TechNews, Jul 29, 2011, 09:02 PM

TechNews

 The iOS vulnerability for which Apple issued a security patch on July 25 is very severe, according to security experts who are warning iOS device users to apply that patch as soon as possible. The vulnerability lies in a failure to validate SSL certificates correctly. That lets hackers use a tool called "sslsniff" to take over victims' iOS devices by using fake certificates. Apple's patch is for iOS 3.0 through 4.3.4 for the iPhone 3GS and iPhone 4 GSM -- meaning the AT&T iPhone, iOS 3.1 through 4.3.4 for the third-gen iPod touch and later, and iOS 3.2 through 4.3.4 for the iPad.