Wednesday 20 November 2024
Font Size
   
Saturday, 16 July 2011 03:23

Apple Releases iOS 4.3.4 – Patches PDF Vulnerability

Rate this item
(0 votes)
Apple recently seeded iOS 4.3.4 for its iOS devices including the iPhone 4, iPhone 3GS, iPad 2, iPad, and 3rd and 4th generation iPod Touch devices. Apple also release a comparable update for Verizon Wireless’ CDMA iPhone 4, iOS 4.2.9. These new builds include a security update that addresses the vulnerability with PDF files. This directly patches the extremely popular JailbreakMe.com jailbreak solution, which was by far the easiest way to jailbreak iOS devices. JailbreakMe will no longer function on devices running the newer firmwares, which are available now on iTunes. MuscleNerd tweeted the following warning after Apple deployed the new firmware: iOS 4.3.4 is out…please don’t update, or you’ll lose your jailbreak! And back up your 4.3.3 blobs soon! A support document, which outlines the security content of iOS 4.3.4 was released by Apple. The document mentions the following: iOS 4.3.4 Software Update CoreGraphicsAvailable for: iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM model), iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.3 for iPadImpact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code executionDescription: A buffer overflow exists in FreeType’s handling of TrueType fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.CVE-ID CVE-2010-3855 CoreGraphicsAvailable for: iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM model), iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.3 for iPadImpact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code executionDescription: A signedness issue exists in FreeType’s handling of Type 1 fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.CVE-ID CVE-2011-0226 IOMobileFrameBufferAvailable for: iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM model), iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.3 for iPadImpact: Malicious code running as the user may gain system privilegesDescription: An invalid type conversion issue exists in the use of IOMobileFrameBuffer queueing primitives, which may allow malicious code running as the user to gain system privileges.CVE-ID CVE-2011-0227 Authors:
French (Fr)English (United Kingdom)

Parmi nos clients

mobileporn