iOS 4.3.4 and 4.2.9 Fix PDF Vulnerability
Apple has released iOS 4.3.4 for the GSM iPhone 4 and 3GS, the iPad and iPad 2, and the 3rd and 4th generations of the iPod touch, along with iOS 4.2.9 for the CDMA iPhone 4. Both updates address a security vulnerability associated with viewing a malicious PDF file. Also fixed is a vulnerability that could enable malicious code running as the user to gain system privileges.
The PDF-based vulnerability, caused by a buffer overflow in the handling of TrueType and Type 1 fonts, was used in a recent jailbreaking effort — by definition, jailbreaking involves exploiting a security hole in iOS.
The updates are available only via iTunes, and despite the minimal changes, they’re big, so allot plenty of time to download and install.
No kidding about taking some time. I have a pretty fast cable Internet connection and this thing takes about 25 minutes.
58 minutes to download the update on my pokey 1.5Mbs DSL connection.