Apple iOS updates fix PDF vulnerabilities

Two versions of iOS patch address different editions of iPhone 4; updates are recommended for all Apple mobile devices

After last week's report from the German government regarding PDF-related security vulnerabilities in MobileSafari, Apple has stepped up: The company on Friday released updates for all iOS devices that fix the problem. The updates are recommended for all users of Apple's mobile devices.

Though they both fix the same three vulnerabilities, the patch comes in two versions, thanks to the different flavors of the iPhone 4. iOS 4.3.4 applies to the iPad and iPad 2, the third- and fourth-generation iPod Touch, the iPhone 3G S, and the iPhone 4 (GSM model); users of the CDMA model of the iPhone 4 instead get iOS 4.2.9.

[ Discover what's new in business applications with InfoWorld's Technology: Applications newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]

The issues addressed in the updates include the aforementioned PDF problem within Apple's CoreGraphics framework, which exploits FreeType's TrueType and Type 1 fonts to execute malicious code, and a conversion problem within the IOMobileFrameBuffer framework, which could allow code to inadvertently gain system privileges by posing as the user. The PDF-related exploits were also being used in the latest jailbreak method for iOS devices, a process that could be accomplished via the jailbreakme.com website; Apple's patch reportedly now disables that method.

You can download these updates by plugging in your respective iOS device and checking for updates in iTunes; if you'd like to read more about the security fixes in question, you can check out Apple's knowledge base documents on the updates, linked above.

This story, "Apple iOS updates fix PDF vulnerabilities" was originally published by Macworld.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies