Apple delivers iOS 4.3.4 to patch PDF security hole

Apple has released a new version of its iOS software that patches a PDF vulnerability used to help jailbreak devices. The new software brings no other features.


Apple rolled out a minor security update to iOS this morning that fixes a vulnerability with the software's PDF-reading capabilities.

iOS 4.3.4 (and 4.2.9 for those on Verizon) is available as a free update to iPhone, iPod Touch, and iPad users. A description of the update says it "fixes (a) security vulnerability associated with viewing malicious PDF files." That's the same one used by, a site that re-launched earlier this month to allow users to jailbreak their phones without using a computer or any special software, giving the owners a way to install third-party software and make low-level system changes.

Shortly after the release of that tool, and a reaction by Germany's IT agency calling the exploit a part of "critical weaknesses" in iOS, Apple responded by saying it took security "very seriously" and that it was "developing a fix."

Beyond jailbreaking, the danger of having a vulnerability in place that is well-known is that it can make devices a target for attackers. "The exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload," said Charlie Miller, a principal research consultant at Accuvant and an Apple security expert, in an interview with CNET last week.

This is the second time Apple has had to fix a vulnerability in its PDF-viewing technology. In August an earlier version of exploited the way the PDF viewer loaded fonts to let users gain low-level system access, and install third-party application installers.

(via Macrumors)

About the author

Josh Lowensohn joined CNET in 2006 and now covers Apple. Before that, Josh wrote about everything from new Web start-ups, to remote-controlled robots that watch your house. Prior to joining CNET, Josh covered breaking video game news, as well as reviewing game software. His current console favorite is the Xbox 360.


Discuss Apple delivers iOS 4.3.4 to patch PDF security...

Conversation powered by Livefyre

This week on CNET News
Hot Products
Trending on CNET

CNET Forums

Looking for tech help?

Whether you’re looking for dependable tech advice or offering helpful tricks, join the conversation in our forums.