Never miss an update Follow AppleInsider
Friday, July 15, 2011, 01:30 pm
Apple releases iOS 4.3.4 to address PDF security hole
Apple on Friday released an update to its iOS mobile operating system for the iPhone, iPad and iPod touch, addressing a potentially dangerous security flaw related to viewing PDF files in the Mobile Safari Web browser.iOS 4.3.4 can be downloaded and installed to any currently supported iOS-based devices by connecting to iTunes and choosing to update. Apple has characterized the latest software as a security update, and does not contain any new features or fixes.
The update is available for the GSM iPhone 4, iPhone 3GS, iPad 2, iPad, and third- and fourth-generation iPod touch. Another firmware, iOS 4.2.9, is also available for the CDMA iPhone 4 for Verizon users.
The update comes just over a week after Apple announced it would release a fix for the security flaw, and less than 10 days after the issue was given widespread attention.
The update plugs a hole that could allow a hacker to utilize a maliciously crafted PDF file to gain access to a user's system. Visiting a site with this exploit could lead to unexpected application termination or arbitrary code execution.
Apple said this is because a buffer overflow exists in FreeType's handling of TrueType fonts, and a signedness issue exists in FreeType's handling of Type 1 fonts.
The update also reportedly contains a patch for iOS's IOMobileFrameBuffer. Apple said the new software addresses an invalid type conversion issue, which could allow malicious code running as the user to gain system privileges.
The PDF exploit became known last week, after hackers utilized it to offer a browser-based "jailbreak" of iOS devices. "Jailbreak" is the term used to describe exploiting flaws in iOS code to allow users to run software that is not approved by Apple.
While those behind the jailbreakme.com site did not create it with malicious intent, it's possible that a more nefarious hacker could release an exploit that, when visited by a user, could allow unsigned code to be run on an iPhone or iPad without the user's permission or even knowledge.
On Topic: iPhone
- iPhone urinalysis app draws scrutiny from FDA
- Best Buy to offer $50 off all iPhone 5 & 4S models starting Sunday
- New service delivers passes for Apple's Passbook via text message
- AT&T to reportedly add Apple's iPhone to GoPhone prepaid lineup
- Apple airs new iPhone ad, continues brilliant 'quiet' TV campaign
Previous Comments View All
Thank God one of the advertised "features" of the Google phones is that you can root them!
Wait a minute. If you can root them, can't somebody else, for less "it's my phone!' motives? Or, wait, somebody sending you a malicious pdf can make it HIS phone.
It's always seemed a strange, quixotic belief, those who buy phones to jailbreak them.
Quote:
Originally Posted by Darkstar2007 
Looks like your still SOL if you have the CDMA version....
Looks like your still SOL if you have the CDMA version....
No, there is an update 4.2.9 for CDMA phones.
Quote:
Originally Posted by Swift
Thank God one of the advertised "features" of the Google phones is that you can root them!
Wait a minute. If you can root them, can't somebody else, for less "it's my phone!' motives? Or, wait, somebody sending you a malicious pdf can make it HIS phone.
It's always seemed a strange, quixotic belief, those who buy phones to jailbreak them.
Thank God one of the advertised "features" of the Google phones is that you can root them!
Wait a minute. If you can root them, can't somebody else, for less "it's my phone!' motives? Or, wait, somebody sending you a malicious pdf can make it HIS phone.
It's always seemed a strange, quixotic belief, those who buy phones to jailbreak them.
Well there's a difference between OS supported rooting that requires an explicit user approval and a hacked rooting that just requires downloading a PDF. The former is a feature, the latter is most definitely a bug.
Well I am sure a few million people, myself included, took advantage of this easy method to update the version number of our software and keep our phones jail broken and unlocked.
Fortunately, nobody has tried to exploit this bug to install malware, or even worse, brick iPhones. A malicious person could have easily done this.
I saw red text, 'Apple releases...' and soiled my pants thinking it was about Lion!
Quote:
Originally Posted by Jonamac
I saw red text, 'Apple releases...' and soiled my pants thinking it was about Lion!
I saw red text, 'Apple releases...' and soiled my pants thinking it was about Lion!
Yeah, I don't think this was worthy of a 'red' update myself...
Quote:
Originally Posted by TBell
Well I am sure a few million people, myself included, took advantage of this easy method to update the version number of our software and keep our phones jail broken and unlocked.
Well I am sure a few million people, myself included, took advantage of this easy method to update the version number of our software and keep our phones jail broken and unlocked.
I was excited to hear about the flaw. I lost my jailbreak when I upgraded my 3G to a 4G a few months ago. The 3G was super easy to jailbreak in place; the 4G normally requires a full restore to jailbreak. This flaw allowed me to install Cydia in a matter of seconds. Love it!
FWIW, the only thing I use that requires a Jailbreak is SBSettings. I love being able to disable WiFi (or change brightness settings) with a swipe and a tap. With the 3G it was critical because it was the only way to lock rotation.
There are tons of plugins for SBSettings allowing instant toggles for Airplane mode, 3G, etc. Plus the process icon allows for easy termination of apps...
Quote:
Originally Posted by Jonamac
I saw red text, 'Apple releases...' and soiled my pants thinking it was about Lion!
I saw red text, 'Apple releases...' and soiled my pants thinking it was about Lion!
I don't know about soiling my pants, but I thought it was Lion too.
This sucks.
Don't Plug i-tunes cable .lol 
Latest Apple Headlines
-
iPad shipments could see first ever year-on-year decline in Q2, analyst says
~8 hours ago -
Google's Motorola issues second appeal of dismissed ITC case against Apple
~10 hours ago -
iPhone urinalysis app draws scrutiny from FDA
~11 hours ago -
South Australia's first Apple Store draws line hours ahead of opening [update: photos and video]
~11 hours ago -
Best Buy to offer $50 off all iPhone 5 & 4S models starting Sunday
~14 hours ago - more...
Want to write for AppleInsider? Submit your application now!
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.99 | $329.99 |
| 32GB WiFi | |
$429.99 | $429.99 |
| 64GB WiFi | |
$529.99 | $529.99 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.99 | $459.99 | $459.99 |
| 32GB 4G White | $559.99 | $559.99 | $559.99 |
| 64GB 4G White | $659.99 | $659.99 | $659.99 |
| 16GB 4G Black | $459.99 | $459.99 | $459.99 |
| 32GB 4G Black | $559.99 | $559.99 | $559.99 |
| 64GB 4G Black | $659.99 | $659.99 | $659.99 |
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| Core i5 MacBook Pros w/ Retina | ||
| 13" 2.5GHz/8GB/128GB | $1,406.48 | $292.52 |
| 13" 2.5GHz/8GB/256GB | $1,479.99 | $519.01 |
| 13" 2.5GHz/8GB/512GB | $1,699.99 | $799.01 |
| Core i7 MacBook Pros w/ Retina | ||
| 13" 2.9GHz/8GB/256GB | $1,599.99 | $599.01 |
| 13" 2.9GHz/8GB/512GB | $1,799.99 | $899.01 |
| 15" 2.3GHz/8GB/256GB | $1,899.99 | $299.01 |
| 15" 2.6GHz/8GB/512GB | $2,299.99 | $568.01 |
| 15" 2.7GHz/16GB/768GB | $2,699.99 | $499.01 |
Edit: nevermind they have an update for CDMA users too. I'm gonna download it real quick