Security flaw that iOS 4.3.5 fixed could expose your sensitive data

When Apple released iOS 4.3.5 to address a security vulnerability in its platform, it wasn't exactly clear how big of a hole in the system's defense was being patched. Well, it turns out that the flaw in iOS was a pretty critical one indeed as it would have given an attacker the chance to easily sniff on your sensitive information.

You see, when you use your iPhone or iPad for something that requires your identification, that is usually done over an encrypted connection. Thanks to a tool called sslsniff, a hacker with access to your Internet traffic can read all that encrypted data, assuming that you have not updated to iOS 4.3.5 yet. That includes the username and password for your PayPal or online banking account, Facebook profile, and anything else that requires your log in credentials. What makes the hacker's job even easier is that sslsniff  works without the victim's awareness and can easily determine whether the targeted device is vulnerable or not.

Updating to iOS 4.3.5, or 4.2.9 if you are a Verizon subscriber, is strongly recommended if you use your iDevice for anything beyond making phone calls and sending text messages. As for those who are still holding on to an iPhone 3G or older, a security fix for those handsets will not be made available.

source: Naked Security via PCMag