Apple plugs iOS security holes to thwart Jailbreakme.com exploit

Apple plugs iOS security holes to thwart Jailbreakme.com exploit

Summary: Apple has rushed out a patch for multiple security holes that allowed 'drive-by download' jailbreaking of iPhone and iPad devices.

SHARE:

Apple has rushed out a patch for multiple security holes that allowed 'drive-by download' jailbreaking of iPhone and iPad devices.

The flaws, exploited by the Jailbreakme.com project, essentially allowed remote code execution attacks via specially rigged fonts and escalation of privileges to escape the iOS sandbox.  The Jailbreakme.com project used rigged PDF files to deliver the malformed fonts.follow Ryan Naraine on twitter

Here's the skinny on the three vulnerabilities patched by Apple with the iOS 4.3.4 software update:

  • CoreGraphics (CVE-2010-3855) -- Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description:  A buffer overflow exists in FreeType's handling of TrueType fonts.
  • CoreGraphics (CVE-2011-0226) -- Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description:  A signedness issue exists in FreeType's handling of Type 1 fonts.
  • IOMobileFrameBuffer (CVE-2011-0227) -- Malicious code running as the user may gain system privileges. An invalid type conversion issue exists in the use of IOMobileFrameBuffer queueing primitives, which may allow malicious code running as the user to gain system privileges.

The iOs 4.3.4 update is available for iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM); iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later; and iOS 3.2 through 4.3.3 for iPad.

Topics: Apple, iPhone, Mobile OS, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • RE: Apple plugs iOS security holes to thwart Jailbreakme.com exploit

    Lets see......
    I jailbroke my phone and plugged these before the update
    rhonin
  • RE: Apple plugs iOS security holes to thwart Jailbreakme.com exploit

    Sure you did.
    docmurdock
    • RE: Apple plugs iOS security holes to thwart Jailbreakme.com exploit

      @docmurdock There has been a fix available via the jailbreak community for quite some time now... so yeah rhonin did and so did I.
      athynz
  • RE: Apple plugs iOS security holes to thwart Jailbreakme.com exploit

    I did jailbreak for my ipod touch 4th, it works very good. but today I connect my ipod touch to my computer and my itunes shows it has new software to upgrade my ipod touch 4th. it let my choice "yes" "no" , I select "yes" then it start upgrade my ipod. after upgrade, my jailbreak gone, and I try to do jailbreak again, but it shows " not supported on your device"
    could please teach me how to do jailbreak on my ipod touch now.
    @...