Apple has released a new version of iOS, 4.3.4 (4.2.9 for the Verizon iPhone), in an effort to fix a PDF exploit that could allow hackers to take remote control of Apple's devices.
The website www.jailbreakme.com had released code that Apple customers could use to modify the iOS operating system that runs those devices through a process known as "jailbreaking." The jailbreaking code exploited a vulnerability in iOS that had not previously been disclosed. Hackers could take advantage of the security hole to build malicious software that would exploit the vulnerability.
Here is how Apple described the issues that have been resolved with the release of
the latest iOS update:
- A buffer overflow exists in FreeType's handling of TrueType font files. Viewing
a maliciously crafted PDF file may lead to an unexpected application termination
or arbitrary code execution.
- A signedness issue exists in FreeType's handling of Type 1 fonts. Viewing a
maliciously crafted PDF file may lead to an unexpected application termination or
arbitrary code execution.
- An invalid type conversion issue exists in the use of IOMobileFrameBuffer
queueing primitives, which may allow malicious code running as the user to gain
system privileges.
More information on the latest updates is available here (iOS 4.3.4) and here (iOS 4.2.9 for Verizon CDMA phones).