Apple Releases iOS 4.3.2, Fixes Comodo SSL Bug
Apple has updated iOS to 4.3.2 to fix Comodo SSL vulnerability that occurred in March.
California-based Apple said the latest update is available for iOS 3.0 through 4.3.1 for iPhone 3GS and later, iOS 3.1 through 4.3.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.1 for iPad
The update was mainly released to fix a Comodo SSL bug. Several fraudulent SSL certificates were issued by a Comodo affiliate registration authority. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue is addressed by blacklisting the fraudulent certificates.
With the latest update, Apple also released a patch for a bug in Quicklook and issued two updates to Webkit, a layout engine designed to allow web browsers to render web pages. WebKit powers Google Chrome and Safari, which in January 2011 had around 17.3 percent and 5.3 percent of browser market share respectively.
The latest updates to Webkit will now prevent hackers from running codes when users visit a maliciously crafted website. Meanwhile, Apple also fixed a similar issue with libxslt library.
In addition, Apple patched a memory corruption issue existed in QuickLook's handling of Microsoft Office files.
For CDMA iPhone 4 users, Apple updated iOS to 4.2.7 to fix the Comodo SSL issue and same bugs associated with Quicklook and Webkit. The update is available for iOS 4.2.5 through 4.2.6 for iPhone 4 (CDMA).
Apple has also released a similiar security update for Mac OS X users.
© Copyright IBTimes 2024. All rights reserved.