Send tip

Now Available: iOS PDF Flaw Patch

Written on August 12, 2010 by Adam Eve

0 person

After jailbreaking an iOS device was announced as legal, Apple created a patch for the flaw. User of iPhone, iPod Touch and iPad can now work on their devices without breaking their warranty.

Apple has released the security updates for iPhone, iPod touch and iPad today. The update address the flaw in PDF handling and I/O that have been recently exploited to create a web-based jailbreak for Apple’s portable devices. iOS 4.0.2 for iPod touch and iPhone and 3.2.2 for iPad is now available via iTunes.

The web-based jailbreak is dependent on two vulnerabilities in order to work. An open source from FreeType Library is used by iOS’s PDF rendering engine, that can result in and overflow of stack buffer whenever it handles a CFF data. The flaw can be exploited to execute an arbitrary code with the help of an especially designed PDF. Once the overflow occurs, and integer counterpart flaw in IOSurface could be misused to elevate privileges from the user to the root. With heightened freedom, a code from removes the security features that prevent other apps in running on any iOS-based devices.

Read the rest of the article »


View all