According to the wording that comes with the update, it “fixes a security vulnerability with certificate validation.” Meanwhile, the CDMA (or Verizon) iPhone gets iOS 4.3.10.
Hit the jump for more details about the update:
iOS 4.3.5 Software Update
- Data SecurityAvailable for: iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 (GSM), iOS 3.1 through 4.3.4 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.4 for iPadImpact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLSDescription: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
CVE-2011-0228 : Gregor Kopf of Recurity Labs on behalf of BSI, and Paul Kehrer of Trustwave’s SpiderLabs