The flaws, exploited by the Jailbreakme.com project, essentially allowed remote code execution attacks via specially rigged fonts and escalation of privileges to escape the iOS sandbox. The Jailbreakme.com project used rigged PDF files to deliver the malformed fonts.
Here's the skinny on the three vulnerabilities patched by Apple with the iOS 4.3.4 software update:
- CoreGraphics (CVE-2010-3855) -- Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow exists in FreeType's handling of TrueType fonts.
- CoreGraphics (CVE-2011-0226) -- Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue exists in FreeType's handling of Type 1 fonts.
- IOMobileFrameBuffer (CVE-2011-0227) -- Malicious code running as the user may gain system privileges. An invalid type conversion issue exists in the use of IOMobileFrameBuffer queueing primitives, which may allow malicious code running as the user to gain system privileges.
The iOs 4.3.4 update is available for iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM); iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later; and iOS 3.2 through 4.3.3 for iPad.