Apple Releases iOS 4.3.5
A mere ten days after the release of iOS 4.3.4 (which closed the PDF exploit used by comex in JailbreakMe 3 to jailbreak all iOS devices), Apple has released iOS 4.3.5. This is a small security update that doesn’t bring any user-facing features or close the tethered jailbreak available on iOS 4.3.4. Instead, this update (build 8L1) is said to fix a security vulnerability in certificate validation. A separate update, iOS 4.2.10 (build 8E600), is available for Verizon iPhone owners (sorry, still no iOS 4.3 features for you guys).
Apple has posted a support document (CVE-2011-0228) officially explaining the security fix in this update.
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
[Apple]