
iOS Security Fixes Released for Serious Vulnerabilities

Fixes for two serious holes in iOS are now available in the form of iOS 3.2.2 for iPad and iOS 4.0.2 for 2008 and later models of iPhone and iPod touch. Attach your iOS device (or devices) to the computer with which you sync using iTunes, and use iTunes to download and install the upgrade.

One flaw lies in TrueType handling within Apple’s iOS PDF display software. A PDF with fonts crafted in a particular way could allow a malicious party to run any code on an iOS device simply by getting you to view the PDF file. That flaw is paired with a second in IOSurface, a framework for buffering or holding images in memory. The IOSurface flaw allows the code to be executed in a way that gives the attacker full system privileges.

At that point, an attacker could enable remote access, copy or delete all your data, or install background monitoring or call-interception software.

The flaws were revealed as part of the first successful iPhone 4 jailbreak in iOS 4, which required only that you visit a particular Web page. The escalation of privileges enabled the jailbreak software to crack Apple’s protection against installing software other than that which the company allows.

Apple apparently no longer provides security upgrades for the iPhone 3.1 software branch, which is unfortunate as some iPhone 3G users were forced to revert from iOS 4 to 3.1.3 due to significant performance problems that Apple has said it is investigating.

Even with iOS 4 being a free upgrade, Apple should provide security fixes for known, significant problems in the previous widely used OS release. Further, original iPhone and iPod touch users will likely also be subject to these flaws, and cannot upgrade to iOS 4.
