Apple delivers iOS 4.3.4 to patch PDF security hole

Apple has released a new version of its iOS software that patches a PDF vulnerability used to help jailbreak devices. The new software brings no other features.


Apple rolled out a minor security update to iOS this morning that fixes a vulnerability with the software's PDF-reading capabilities.

iOS 4.3.4 (and 4.2.9 for those on Verizon) is available as a free update to iPhone, iPod Touch, and iPad users. A description of the update says it "fixes (a) security vulnerability associated with viewing malicious PDF files." That's the same one used by, a sitethat re-launched earlier this month to allow users to jailbreak their phones without using a computer or any special software, giving the owners a way to install third-party software and make low-level system changes.

Shortly after the release of that tool, and a reaction by Germany's IT agency calling the exploit a part of "critical weaknesses" in iOS, Apple responded by saying it took security "very seriously" and that it was "developing a fix."

Beyond jailbreaking, the danger of having a vulnerability in place that is well-known is that it can make devices a target for attackers. "The exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload," said Charlie Miller, a principal research consultant at Accuvant and an Apple security expert, in an interview with CNET last week.

This is the second time Apple has had to fix a vulnerability in its PDF-viewing technology. In August an earlier version of exploited the way the PDF viewer loaded fonts to let users gain low-level system access, and install third-party application installers.

(via Macrumors)

Featured Video

Tim Cook's blurry iPhone picture takes world by storm

What is the iPhone 6's "Error 53"? The new Apple tvOS brings new features and Tim Cook takes bad pictures.

by Brian Tong