Friday, April 15, 2011

Apple releases IOS 4.3.2 to fix Comodo SSL breach

SOFTWARE DEVELOPER Apple has released IOS 4.3.2 for the Iphone 3GS, Iphone 4, Ipads and third and fourth generation Ipod Touch devices.

Apple made a number of fixes with IOS 4.3.2, including fixes for blank or frozen Facetime calls and for international 3G connections on the Ipad, but most of the update addresses security issues. Top of Apple's list was a fix that mitigates the Comodo SSL breach that occurred last month.

One of Comodo's affiliate registration authorities was compromised, resulting in the fraudulent issuance of SSL certificates. Apple's IOS 4.3.2 blacklists the certificates that were fraudulently issued. A similar security update for Mac OS X users was also released by Apple at the same time.

Apple issued two updates to Webkit, the rendering engine behind its Safari web browser, to stop hackers from running code if the user visits a maliciously crafted website. A similar security hole has been patched in the libxslt library and an update to Quicklook will protect against dodgy Microsoft Office files that might try to use the software to execute code without the user's knowledge.

At this point Apple has yet to release IOS 4.3.2 for its CDMA Iphone 4, but it will be surprising if Apple waits too long to issue some sort of update to at least blacklist dodgy Comodo SSL certificates.

Although the list of features and fixes might sound a tad sparse, Apple's IOS 4.3.2 weighs in at 666MB, so the devil must be in the details.
