Security flaw that iOS 4.3.5 fixed could expose your sensitive data

Security flaw that iOS 4.3.5 fixed could expose your sensitive data
When Apple released iOS 4.3.5 to address a security vulnerability in its platform, it wasn't exactly clear how big of a hole in the system's defense was being patched. Well, it turns out that the flaw in iOS was a pretty critical one indeed as it would have given an attacker the chance to easily sniff on your sensitive information.

You see, when you use your iPhone or iPad for something that requires your identification, that is usually done over an encrypted connection. Thanks to a tool called sslsniff, a hacker with access to your Internet traffic can read all that encrypted data, assuming that you have not updated to iOS 4.3.5 yet. That includes the username and password for your PayPal or online banking account, Facebook profile, and anything else that requires your log in credentials. What makes the hacker's job even easier is that sslsniff  works without the victim's awareness and can easily determine whether the targeted device is vulnerable or not.

Updating to iOS 4.3.5, or 4.2.9 if you are a Verizon subscriber, is strongly recommended if you use your iDevice for anything beyond making phone calls and sending text messages. As for those who are still holding on to an iPhone 3G or older, a security fix for those handsets will not be made available.

source: Naked Security via PCMag

Related phones

iPhone 4
  • Display 3.5" 640 x 960 pixels
  • Camera 5 MP / 0.3 MP VGA front
  • Processor Apple A4, Single core, 1000 MHz
  • Storage 32 GB
  • Battery 1420 mAh(7.00h 3G talk time)
iPad 2
  • Display 9.7" 1024 x 768 pixels
  • Camera 0.7 MP / 0.3 MP VGA front
  • Processor Apple A5, Dual-core, 1000 MHz
  • Storage 64 GB
  • Battery 6944 mAh

FEATURED VIDEO

19 Comments

1. protozeloz

Posts: 5396; Member since: Sep 16, 2010

So glad its fixed

2. The_Miz

Posts: 1496; Member since: Apr 06, 2011

Apple is quick at fixing stuff like this, they don't wait until 30+ rogue programs get out and then do something about it.

3. Laurynas unregistered

Some other news related with Apple and exploits: "Apple Laptops Vulnerable To Hack That Kills Or Corrupts Batteries" Read more:http://blogs.forbes.com/andygreenberg/2011/07/22/apple-laptops-vulnerable-to-hack-that-kills-or-corrupts-batteries/

14. The_Miz

Posts: 1496; Member since: Apr 06, 2011

Has nothing to do with cellphones.

17. Laurynas unregistered

Yes, I know. It is just information related with Apple.

5. C'monSon unregistered

The difference there is that programs are not controlled by Google is who I'm going to assume your talking about. They were by someone who was taking paid and other programs and re-releasing them for free, so to be vulnerable to the you had to of downloaded it. This is to do with Apples OS, not something to download so if your looking at risks, this is the bigger of the two. Everyones vulenrable to this who doesn't update, Android is vulnerable only if your a idiot and try and download paid apps for free.

13. The_Miz

Posts: 1496; Member since: Apr 06, 2011

Who me? Oh noes, I didn't name anyone at all. It's not my fault if Google can't control their own damn market with better quality control. And Android has so many security risks and flaws in its OS that it essentially feels like Windows.

19. iHateCrapple

Posts: 734; Member since: Feb 12, 2010

If you knew anything about computers you would know that Windows machines are actually more secure than most other operating systems, their just more common. crApples OS is whats filled with security risks and flaws. http://techland.time.com/2011/03/14/pwn2own-roundup-apple-fails-google-stays-strong/ Make sure you read that article...I dont think you'll talk sh*t afterwards.

4. taco50

Posts: 5506; Member since: Oct 08, 2009

I've been updated as soon as it came out

6. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

This proves that no OS is perfect. iSheep always knock Android, but now they need to understand that iOS is no different. If it's an OS then it can be compromised. Both Android & Apple fix their issues quickly, that is good for the customer. Remember malware & hacks can be made to tailor ANY OS. There is no safe or safer OS. All OS's are vulnerable!

15. The_Miz

Posts: 1496; Member since: Apr 06, 2011

iSheep. Oh like Andrones have much room to talk with all the malware and viruses prevalent on Android. That's what happens when you try and use the Linux kernel for a half baked OS.

18. Laurynas unregistered

Talking about malware, there is also many types of malware on Symbian and iOS operating systems!

7. wassup

Posts: 565; Member since: Jun 23, 2011

and the iFans say Android has security issues, might i add that in the hacking contest, only WP7 and android remained unhacked. iOS crumbled in a matter of minutes, along with blackberry. iOS is about as safe as a car left in the ghetto, opened, and with the keys inside.

8. stealthd unregistered

Yes WP7 and Android were "unhacked" because no one tried to hack them, not because they're more secure.

9. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

Exactly what I said in my other post. No OS is secure. To say one OS is more secure than another is wrong. To think that, would be fallacy like unicorns & the pot of gold at the ends of a rainbow!

16. wassup

Posts: 565; Member since: Jun 23, 2011

no, people DID try to hack them, but they failed.

10. G-reg unregistered

So if you have the iphone 3g... Good f'n luck casue your beloved company just doesnt give a sh!t about keeping your bank info safe. And thanks to the natural way of media, this exploit is known by more hackers now than the useres themselves.

11. Tmachaveli

Posts: 425; Member since: Apr 01, 2011

excuse me while i hack into this perfert os lol

12. rican

Posts: 132; Member since: Jul 02, 2011

s**t happens all the time friend of mine is a comp hacker, too easy these days. real scary if you think about it, i dont care too much if they steal pics or contacts but i do check my bank on my phone.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.