Apple iOS update patches PDF security hole
Apple has released an iOS update for the iPhone, iPad and iPod touch that patches a security flaw related to viewing PDF files in the mobile Safari web browser.
Classified solely as a security update, the patch does not include any new features or fixes.
iOS 4.3.4 is currently available for the GSM iPhone 4, iPhone 3GS, iPad/iPad 2, and third/fourth-gen iPod touch, while firmware iOS 4.2.9 targets the CDMA iPhone 4 for Verizon users.
The update arrives a little over a week after the JailBreakMe team released an updated utility to crack open iOS devices via the above-mentioned PDF vulnerability.
However, the same security hole could allow a hacker to gain access to an iOS device if the user visits a website and opens a PDF laden with malicious code.
As such, Apple has plugged the hole, which stemmed from a buffer overflow in FreeType's handling of TrueType fonts, as well as a signedness issue with Type 1 fonts.
The update also includes a patch for iOS's IOMobileFrameBuffer, addressing an invalid type conversion issue that could allow malware to gain system privileges.
iOS 4.3.4 can be installed by connecting to iTunes and selecting update.