Apple has made a minor security update to iOS which will fix the security issues of software’s PDF reading capability. iOS 4.3.4 is now available for all iPhone, iPad touch and iPad users for free. The update also says that it will fix security vulnerability related to viewing of malicious PDF files. Similar description is used by JailbreakMe.com which is a site that was relaunched recently. This will allow users to jailbreak their phones without the need of any software or computer thus enabling users to install a third party software and way to make low level system alterations.
Soon after the release of this great tool, a Germany’s IT agency calling exploit a part of critical weaknesses in iOS and Apple reacted very wisely saying it has always taken security very seriously and this time too it was developing a fix. Beyond jailbreaking, the risk of highly vulnerable place makes device a target for attackers. In an interview Charlie Miller, a principal research consultant at Accuvant and Apple security expert said that this website also exploits downloads a payload in order to jailbreak the phone but it could be manipulated to impart malicious payload.
Well, this is not the first time that Apple has to fix vulnerability in its technology used to view PDF files but this is happening for the second time. An earlier version of Jailbreakme.com exploited how PDF viewer used to load fonts to allow users to achieve access to low level system and install third party application installers. A latest iPad software version 4.3.4 is available for iPad users; you can right now download it and update your iPad. Apple said it is available for iPhone 3GS and iPhone 4s running iOS 3.0 version or any higher version, iPads with iOS 3.2 and higher, and third generation iPods with iOS 3.1 and higher.
This crucial iOS update addressed three main components which are buffer overflow in FreeType’s handling of TrueType fonts, invalid type conversion problem while using IOMobileFrameBuffer lining primitives and lastly the problem of signedness in FreeType’s handling of Type 1 fonts. All these three components together could have enabled attacker to control the device through malicious PDF file. Apple started to work on this issue when German Federal Office for Information Security warned the chances of attacks via PDF files. Apple has successfully released iOS 4.3.4 version which fixes iOS vulnerability which would otherwise have allowed hackers to remotely control iPhones, iPads and iPod Touch.