Apple Releases Software Update For Ipad, Iphone And Ipad Touch, Patches Security Flaw

By Author: eccuni
Total Articles: 211
Comment this article

Apple has released another security update in less than two weeks to bolster the security of iPad, iPhone and iPod touch. The latest update iOS 4.3.5 resolves a validation issue associated with the handling of X.509 certificates. X.509 is one of the standards used for defining digital certificates. The vulnerability could allow an attacker, who has already gained privileged access to a network to identify various Secure Socket Layer (SSL)/Transport Layer Security (TLS) sessions, intercept the traffic and extract or alter the transmitting content. As such, for successful exploitation of the vulnerability, an attacker must have already compromised a machine and have attained access to the network. The update is applicable to iPad, iPhone 3GS, iPhone 4 (GSM), iPod Touch 3G and 4G. Apple has also released a separate update iOS 4.2.5 for iPhone 4 (CDMA) users for addressing the same security issue.

Attackers may gain access to confidential personal information related to the individuals by exploiting the vulnerability. They may use the extracted data for fraudulent purposes. They may even devise more sophisticated schemes ...
... to extract further information. Earlier in the month, Apple issued an update to fix an issue that allowed people to unlock or jailbreak their devices, and run restricted software. Apple was relatively quick in issuing the out-of-cycle update.

Vulnerabilities in software products may arise due to coding errors, wrong assumption of the operating environment, creation of new exploits by cybercriminals among others. Negligence and lack of security awareness among users also provide opportunities for attackers to exploit flaws and gain unauthorized access to devices. Vulnerabilities come into light either by their active exploitation by attackers, or on their identification by independent security researchers or professionals affiliated to various developers. In this case, security researchers affiliated to BSI and SpiderLabs identified the vulnerabilities. Developers must regular test the strength of the software products through penetration testing, detect and mitigate security flaws. Professionals qualified in masters of security science may help developers in understanding the prevalent risks in the business environment.

While attackers solely concentrate on exploiting flaws, developers face the constant challenge of developing innovative products to beat the competition. They also face shortage of experts in meeting the challenges posed by cybercriminals. Again, attackers take advantage of the time lag between patch release by a developer and its subsequent implementation by individuals and organizations. Threats in the IT space are vibrant and professionals must update their technical skills and know-how by undertaking online university degree programs and security certifications.

Individuals must keep track of the security updates by subscribing to alerts, following security blogs and advisories by developers. E-tutorials and online degree programs may help individuals in understanding and implementing cyber security fundamentals. Users must immediately install the security update to safeguard their devices and sensitive information stored on them. Proactive approach to security is required to deal with ever evolving and sophisticated threats in the IT environment. Developers and Internet security firms must coordinate to improve IT security awareness among the end-users and improve security practices.