Apple rolled out a minor security update to iOS this morning that fixeswith the software's PDF-reading capabilities.
iOS 4.3.4 (and 4.2.9 for those on Verizon) is available as a free update to iPhone, iPod Touch, and iPad users. A description of the update says it "fixes (a) security vulnerability associated with viewing malicious PDF files." That's the same one used by JailbreakMe.com, a site to allow users to jailbreak their phones without using a computer or any special software, giving the owners a way to install third-party software and make low-level system changes.
Shortly after the release of that tool, and a reaction by Germany's IT agency calling the exploit a part of "critical weaknesses" in iOS, Apple responded by saying it took security "very seriously" and that it was "developing a fix."
Beyond jailbreaking, the danger of having a vulnerability in place that is well-known is that it can make devices a target for attackers. "The Jailbreakme.com exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload," said Charlie Miller, a principal research consultant at Accuvant and an Apple security expert, in an interview with CNET last week.
This is the second time Apple has had to fix a vulnerability in its PDF-viewing technology. In August an earlier version of Jailbreakme.comthe way the PDF viewer loaded fonts to let users gain low-level system access, and install third-party application installers.
Apple - USE TAG
reading•Apple delivers iOS 4.3.4 to patch PDF security hole
Nov 18•Black Friday 2018 smart home deals: Google Home Hub, Facebook Portal, Apple HomePod, Alexa gadgets and more
Nov 18•Tech Turkeys 2018: The biggest screwups in tech this year
Nov 18•Black Friday 2018 iPhone deals: iPhone XR and XS for $150 off, free $400 iPhone X gift card
Nov 18•We took the iPhone XS and XR into 26 foot deep water. Only one survived