It’s been less than two weeks since Apple issued a security fix for the Ipad and we’re already being asked to update again. The current software download, iOS 4.3.5, is a minor update which fixes another security vulnerability.
Apple doesn’t give a lot of information on the update — it simply explains that if you don’t download iOS 4.3.5 for the Ipad, “an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS” — Kaspersky Labs was able to clarify things a bit:
[T]he description implies that an attacker who has already compromised a machine on a given network and has the ability to see and identify SSL sessions might be able to decrypt the traffic and modify it. This kind of man-in-the-middle attack is quite common and would require the attacker to already have a foothold on the network in order to execute it.
In plainer words: Someone could intercept your web-surfing session and steal data from your Ipad — but only if he or she already has access to the network you’re using.
You can get the update which will stop any plots to compromise your security in such a manner by plugging your Ipad into your computer and hitting the “check for updates” button in iTunes.
One thing to note that the 4.3.5 version is intended for the AT&T iPhone 4, the iPhone 3GS, the iPad 2, the iPad as well as third and fourth generation iPod Touch devices. People who own a Verizon iPhone 4 will find an update labeled 4.2.10instead — but it’ll offer the same fix.