Apple delivers iOS 4.3.4 to patch PDF security hole

Apple has released a new version of its iOS software that patches a PDF vulnerability used to help jailbreak devices. The new software brings no other features.

CNET

Apple rolled out a minor security update to iOS this morning that fixes a vulnerability with the software's PDF-reading capabilities.

iOS 4.3.4 (and 4.2.9 for those on Verizon) is available as a free update to iPhone, iPod Touch, and iPad users. A description of the update says it "fixes (a) security vulnerability associated with viewing malicious PDF files." That's the same one used by JailbreakMe.com, a site that re-launched earlier this month to allow users to jailbreak their phones without using a computer or any special software, giving the owners a way to install third-party software and make low-level system changes.

Shortly after the release of that tool, and a reaction by Germany's IT agency calling the exploit a part of "critical weaknesses" in iOS, Apple responded by saying it took security "very seriously" and that it was "developing a fix."

Beyond jailbreaking, the danger of having a vulnerability in place that is well-known is that it can make devices a target for attackers. "The Jailbreakme.com exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload," said Charlie Miller, a principal research consultant at Accuvant and an Apple security expert, in an interview with CNET last week.

This is the second time Apple has had to fix a vulnerability in its PDF-viewing technology. In August an earlier version of Jailbreakme.com exploited the way the PDF viewer loaded fonts to let users gain low-level system access, and install third-party application installers.

(via Macrumors)

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

How well do you know your surge protector?

Whether you're looking to add more outlets, or want to add a layer of protection between your gear and the outside world, here's what you need to know.