Apple's new iOS 4.3.4 Software Update fixes a flaw in how PDF files are handled. The flaw was used to create a Web-based jailbreaking tool on the JailbreakMe Website.
Apple released a new iOS
update that patches the PDF flaw uncovered over a week ago by developers at the
The iOS 4.3.4 update
vulnerability in the CoreGraphics frameworks that resulted in problems in the
way PDF files were being handled, Apple said in its update advisory on July 15.
With this flaw, malicious hackers could have remotely controlled iPhones, iPads
and iPod Touches after tricking the user to open a malicious PDF file. The
update is available for iPhone 3GS and iPhone 4 running iOS 3.0 and higher,
third-generation iPods with iOS 3.1 and higher, and iPads with iOS 3.2 and
The flaw was uncovered by
"Comex," a member of the hacking group iPhone Dev Team, who exploited
it to create a way for users to jailbreak iOS devices in order to run
non-Apple-authorized software. Usually, the process requires the user to
download a specific tool while connected to a computer. This flaw allowed the
team to develop a tool that could be executed just by visiting the JailbreakMe
Website from the mobile device.
The update "fixes [a]
security vulnerability associated with viewing malicious PDF files," Apple
The German Federal Office
for Information Security issued a warning about the possibility of attackers
exploiting the same flaw using PDF files. The agency said clicking on an
infected PDF via email or on the Web would infect an iOS device with malicious
software and give the attacker administrative privileges on the device.
Comex released a patch to
close the hole for users who ran the jailbreaking tool. Ironically, until Apple
released this update, the only users who were protected were the ones who had
jailbroken their devices.
The update addresses a
buffer overflow in how FreeType handles TrueType fonts, an issue in how
FreeType handles Type 1 fonts and an invalid type conversion issue in
IOMobileFrameBuffer. The issues, in combination, could have allowed an attacker
to take control using a maliciously crafted PDF file.
Apple has moved fairly
quickly to address the issue. The update means the JailbreakMe tool will no
longer work on updated devices, but at least users are now protected from
potential attacks. "Apple released this fix less than 10 days from the time it
went public on July 6, just like they did last time there was a
serious jailbreak vulnerability
," Andrew Storms, director of security
operations for nCircle said.
This flaw could have been
used "to distribute a wide variety of malware" if left unpatched,
Storms said. It was important that users install the latest patches as soon as
possible, he said.
Apple's last update, 4.3.3,
released in May, fixed a controversial bug in
Apple's location-based services
. Unlike many major technology companies,
Apple does not follow a regular release cycle for its updates but releases them
on an erratic schedule.
"Apple has no scheduled
patch release cycle. Once a critical bug is discovered, Apple rarely
communicates at all about when a patch will come out. When the patch is
available they just ship it," Storms said.