Apple rolled out a minor security update to iOS this morning that fixeswith the software's PDF-reading capabilities.
iOS 4.3.4 (and 4.2.9 for those on Verizon) is available as a free update to iPhone, iPod Touch, and iPad users. A description of the update says it "fixes (a) security vulnerability associated with viewing malicious PDF files." That's the same one used by JailbreakMe.com, a site to allow users to jailbreak their phones without using a computer or any special software, giving the owners a way to install third-party software and make low-level system changes.
Shortly after the release of that tool, and a reaction by Germany's IT agency calling the exploit a part of "critical weaknesses" in iOS, Apple responded by saying it took security "very seriously" and that it was "developing a fix."
Beyond jailbreaking, the danger of having a vulnerability in place that is well-known is that it can make devices a target for attackers. "The Jailbreakme.com exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload," said Charlie Miller, a principal research consultant at Accuvant and an Apple security expert, in an interview with CNET last week.
This is the second time Apple has had to fix a vulnerability in its PDF-viewing technology. In August an earlier version of Jailbreakme.comthe way the PDF viewer loaded fonts to let users gain low-level system access, and install third-party application installers.
All the latest Apple news, featuring developments on the iPhone, iPad, Macbooks, OS X and much more.
Feb 21iPhone 8 camera overhaul could 3D scan your face, says report
Feb 21Apple's biggest problem is one it can never solve
Feb 19Apple reportedly nabs Israeli facial recognition startup
Feb 18AirPods vs. BeatsX