Apple releases iOS updates to fix PDF vulnerabilities
After last week’s report from the German government regarding PDF-related security vulnerabilities in MobileSafari, Apple has stepped up: The company on Friday released updates for all iOS devices that fix the problem. The updates are recommended for all users of Apple’s mobile devices.
Though they both fix the same three vulnerabilities, the patch comes in two versions, thanks to the different flavors of the iPhone 4. iOS 4.3.4 applies to the iPad and iPad 2, the third- and fourth-generation iPod touch, the iPhone 3GS, and the iPhone 4 (GSM model); users of the CDMA model of the iPhone 4 instead get iOS 4.2.9.
The issues addressed in the updates include the aforementioned PDF problem within Apple’s CoreGraphics framework, which exploits FreeType’s TrueType and Type 1 fonts to execute malicious code, and a conversion problem within the IOMobileFrameBuffer framework, which could allow code to inadvertently gain system privileges by posing as the user. The PDF-related exploits were also being used in the latest jailbreak method for iOS devices, a process that could be accomplished via the jailbreakme.com website; Apple’s patch reportedly now disables that method.
You can download these updates by plugging in your respective iOS device and checking for updates in iTunes; if you’d like to read more about the security fixes in question, you can check out Apple’s knowledge base documents on the updates, linked above.