Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

iOS 4.3.4 and 4.2.9 Fix PDF Vulnerability

Apple has released iOS 4.3.4 for the GSM iPhone 4 and 3GS, the iPad and iPad 2, and the 3rd and 4th generations of the iPod touch, along with iOS 4.2.9 for the CDMA iPhone 4. Both updates address a security vulnerability associated with viewing a malicious PDF file. Also fixed is a vulnerability that could enable malicious code running as the user to gain system privileges.

The PDF-based vulnerability, caused by a buffer overflow in the handling of TrueType and Type 1 fonts, was used in a recent jailbreaking effort — by definition, jailbreaking involves exploiting a security hole in iOS.

The updates are available only via iTunes, and despite the minimal changes, they’re big, so allot plenty of time to download and install.

 

Backblaze is unlimited, unthrottled backup for Macs at $5/month.
Web access to files means your data is always available. Restore
by Mail allows you to recover files via a hard drive or USB.
Start your 15-day trial today! <https://www.backblaze.com/tb>
 

Comments about iOS 4.3.4 and 4.2.9 Fix PDF Vulnerability
(Comments are closed.)

Ron Kraus  2011-07-18 07:15
No kidding about taking some time. I have a pretty fast cable Internet connection and this thing takes about 25 minutes.
Mark Martinez  2011-07-19 07:21
58 minutes to download the update on my pokey 1.5Mbs DSL connection.