Send tip

Category: Apple Software

Now Available: iOS PDF Flaw Patch

Written on August 12, 2010 by Adam Eve

0 person

After jailbreaking an iOS device was announced as legal, Apple created a patch for the flaw. User of iPhone, iPod Touch and iPad can now work on their devices without breaking their warranty.

has released the security updates for iPhone, iPod touch and iPad today. The update address the flaw in handling and I/O that have been recently exploited to create a web-based jailbreak for Apple’s . iOS 4.0.2 for iPod touch and iPhone and 3.2.2 for iPad are now available via iTunes.

The web-based jailbreak is dependent on two vulnerabilities in order to work. An open source from is used by iOS’s PDF rendering engine, that can result in and overflow of stack buffer whenever it handles a CFF data. The flaw can be exploited to execute an arbitrary code with the help of an especially designed PDF. Once the overflow occurs, and integer counterpart flaw in IOSurface could be misused to elevate privileges from the user to the root. With heightened freedom, a code from removes the security features that prevent other apps in running on any iOS-based devices.

However, the flaw was publicized by the security researchers shortly after the jailbreak launching. They pointed out that the bug can also be used for more malicious purposes just by getting a user to visit a website. Good thing, Apple quickly acknowledged the problem and assured the users with an upcoming fix. The patches execute additional bound to check both libraries.

View Article Source »

Related articles


View all