Apple Fixes iOS Security Flaw

Thursday, April 25, 2024

Home

News

Reviews

Articles

Guides

Download

Expert Area

Forum

Site Info

Saturday, July 16, 2011

Apple Fixes iOS Security Flaw

You are sending an email that contains the article
and a private message for your recipient(s).

Your Name:

Your e-mail:

* Required!

Recipient (e-mail):

Subject:

Introductory Message:

HTML/Text
(Photo: Yes/No)

(At the moment, only Text is allowed...)

Message Text:

Apple has released a new version of iOS, 4.3.4 (4.2.9 for the Verizon iPhone) in an effort to fixed a PDF exploit that could allow hackers to take remote control of Apple's devices.

Website www.jailbreakme.com had released code that Apple customers could use to modify the iOS operating system that runs those devices through a process known as "jail breaking." The jailbreaking code exploited a vulnerability in iOS that had not previously been disclosed. Hackers could take advantage of the security hole to build malicious software that would exploit the vulnerability.

Here is how Apple described the issues that have been resolved with the release of the latest iOS update:

- A buffer overflow exists in FreeType's handling of TrueType font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution."
- A signedness issue exists in FreeType's handling of Type 1 fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution."
- An invalid type conversion issue exists in the use of IOMobileFrameBuffer queueing primitives, which may allow malicious code running as the user to gain system privileges.

More information on the latest updates is available here (iOS 4.3.4) and here (iOS 4.2.9 for Verizon CDMA phones)