Send tip

Category: Apple Software

Now Available: iOS PDF Flaw Patch

Written on August 12, 2010 by Adam Eve

0 person

After jailbreaking an iOS device was announced as legal, Apple created a patch for the flaw. User of iPhone, iPod Touch and iPad can now work on their devices without breaking their warranty.

Apple has released the security updates for iPhone, iPod touch and iPad today. The update address the in handling and I/O that have been recently exploited to create a web-based for Apple’s . 4.0.2 for iPod touch and iPhone and 3.2.2 for iPad are now available via iTunes.

The web-based jailbreak is dependent on two vulnerabilities in order to work. An open source from FreeType is used by iOS’s PDF rendering engine, that can result in and overflow of stack buffer whenever it handles a data. The flaw can be exploited to execute an arbitrary code with the help of an especially designed PDF. Once the overflow occurs, and integer counterpart flaw in IOSurface could be misused to elevate privileges from the user to the root. With heightened freedom, a code from jailbreakme.com removes the security features that prevent other apps in running on any iOS-based devices.

However, the flaw was publicized by the security researchers shortly after the jailbreak launching. They pointed out that the bug can also be used for more malicious purposes just by getting a user to visit a website. Good thing, Apple quickly acknowledged the problem and assured the users with an upcoming fix. The patches execute additional bound to check both libraries.

View Article Source »
TumblrStumbleUponDeliciousRedditDiggShare

Related articles


Featured


View all