Apple has released iOS 4.3.4 for the GSM iPhone 4 and 3GS, the iPad and iPad 2, and the 3rd and 4th generations of the iPod touch, along with iOS 4.2.9 for the CDMA iPhone 4. Both updates address a security vulnerability associated with viewing a malicious PDF file. Also fixed is a vulnerability that could enable malicious code running as the user to gain system privileges.
The PDF-based vulnerability, caused by a buffer overflow in the handling of TrueType and Type 1 fonts, was used in a recent jailbreaking effort — by definition, jailbreaking involves exploiting a security hole in iOS.
The updates are available only via iTunes, and despite the minimal changes, they’re big, so allot plenty of time to download and install.