Apple has released iOS 4.3.5 for the iPhone (GSM model), iPod touch, and iPad, and iOS 4.2.10 for the iPhone (CDMA model) to address a vulnerability. This vulnerability may allow an attacker with a privileged network position to capture or modify data in SSL/TLS sessions.
US-CERT encourages users and administrators to review Apple Support Articles HT4824 and HT4825 and apply any necessary updates to help mitigate the risks.
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2019-19006 Sangoma FreePBX Improper…