This article originally appeared in TidBITS on 2011-07-15 at 2:26 p.m.
The permanent URL for this article is: http://tidbits.com/article/12331

iOS 4.3.4 and 4.2.9 Fix PDF Vulnerability

by Adam C. Engst

Apple has released iOS 4.3.4 [1] for the GSM iPhone 4 and 3GS, the iPad and iPad 2, and the 3rd and 4th generations of the iPod touch, along with iOS 4.2.9 [2] for the CDMA iPhone 4. Both updates address a security vulnerability associated with viewing a malicious PDF file. Also fixed is a vulnerability that could enable malicious code running as the user to gain system privileges.

The PDF-based vulnerability, caused by a buffer overflow in the handling of TrueType and Type 1 fonts, was used in a recent jailbreaking effort — by definition, jailbreaking involves exploiting a security hole in iOS.

The updates are available only via iTunes, and despite the minimal changes, they’re big, so allot plenty of time to download and install.

[1]: http://support.apple.com/kb/HT4802
[2]: http://support.apple.com/kb/HT4803