Apple has released a security patch for its iOS platform to fix three bugs that a critical PDF exploit uses to jailbreak iOS-based devices. The bugs were fixed in the iOS 4.3.4 software update released last Friday. These vulnerabilities affect the iPad, iPad 2, iPhone (4 & 3GS), as well as the iPod Touch (third and fourth generations).
The update fixes an iOS security hole that allowed jailbreaking when a specially crafted PDF file was viewed in the device’s default Safari browser. Jailbreaking is the process of gaining root access to the OS so that users can bypass the restrictions imposed by Apple, which prevent them from installing non-Apple apps and making low-level system tweaks.
According to Apple, a ‘CoreGraphics’ flaw in FreeType’s handling of TrueType fonts (CVE-2010-3855) and Type 1 fonts (CVE-2011-0226) may cause a buffer overflow. This could lead to unexpected application termination and/or execution of arbitrary code when viewing a specially crafted PDF file. Additionally, an invalid conversion issue in the use of the iOS ‘IOMobileFrameBuffer’ queuing mechanism (CVE-2011-0227) could be used to gain system privileges by running malicious code.
There are no reports of the exploit being used in the wild, apart from a proof of concept. Germany’s federal IT agency was the first to voice concerns over the vulnerability and issued a security advisory warning users of iOS-based devices, which prompted Apple to take action.
The security update is available through iTunes for iOS versions 3.0 through 4.3.3 for all iOS-based devices. This is a security-only update.