You see, when you use your iPhone or iPad for something that requires your identification, that is usually done over an encrypted connection. Thanks to a tool called sslsniff, a hacker with access to your Internet traffic can read all that encrypted data, assuming that you have not updated to iOS 4.3.5 yet. That includes the username and password for your PayPal or online banking account, Facebook profile, and anything else that requires your log in credentials. What makes the hacker's job even easier is that sslsniff works without the victim's awareness and can easily determine whether the targeted device is vulnerable or not.
Updating to iOS 4.3.5, or 4.2.9 if you are a Verizon subscriber, is strongly recommended if you use your iDevice for anything beyond making phone calls and sending text messages. As for those who are still holding on to an iPhone 3G or older, a security fix for those handsets will not be made available.
source: Naked Security via PCMag