Apple is now out with a new update patching three vulnerabilities in the iOS mobile operating system.
The iOS 4.3.4 update was triggered by the disclosure earlier this month that iOS could be infected by way of a malicious PDF file. The flaw was also being exploited in the wild by iOS jailbreaking tools. While the flaw has now been fixed, iOS 4.3.4 has already been jailbroken, as the cat-and-mouse game between Apple and the jailbreakers continues.
The PDF-related vulnerability fixed in iOS 4.3.4 affects both the CoreGraphics engine and the IOMobileFrameBuffer. For CoreGraphics, there are two separate flaws, both of which could have led to arbitrary code execution if a user viewed a malicious PDF.
The first CoreGraphics flaw, identified by Apple as CVE-2010-3855, is a buffer overflow in FreeType's handling of TrueType fonts. The second flaw, identified by Apple as CVE-2011-0226, is a signedness issue in FreeType's handling of Type 1 fonts.
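As an added illustration of the signedness bug class named above, the following C example is constructed for this article; it is not FreeType's code and not the actual CVE-2011-0226 defect. The record layout (a big-endian 16-bit length followed by a payload), the `OUT_BUF` size and the function names are all invented. It shows why reading a length field through a signed type lets a crafted value slip past a "too big" check, and what the hardened check looks like.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a length check on a font-like record, first with a
 * signedness bug and then hardened. Not FreeType's code and not the actual
 * CVE-2011-0226 defect; the record layout is invented for this illustration:
 *   bytes 0-1 : big-endian payload length
 *   bytes 2.. : payload
 */

#define OUT_BUF 64

typedef struct {
    int    accepted;   /* 1 if the length check passed */
    size_t copy_len;   /* bytes the caller would then copy */
} len_check;

/* Vulnerable check: the field is read through int16_t, so 0xFFFF becomes -1.
 * "len > OUT_BUF" never rejects a negative value, and the later conversion to
 * size_t turns -1 into SIZE_MAX, i.e. an unbounded copy. */
len_check check_len_signed(const uint8_t *rec, size_t rec_len) {
    len_check r = {0, 0};
    if (rec_len < 2) return r;
    int len = (int16_t)((rec[0] << 8) | rec[1]);   /* sign-extended */
    if (len > OUT_BUF) return r;                    /* negative len passes */
    r.accepted = 1;
    r.copy_len = (size_t)len;                       /* -1 -> SIZE_MAX */
    return r;
}

/* Hardened check: read the field as unsigned and bound it both by the output
 * buffer and by the bytes actually present in the record. */
len_check check_len_unsigned(const uint8_t *rec, size_t rec_len) {
    len_check r = {0, 0};
    if (rec_len < 2) return r;
    uint16_t len = (uint16_t)((rec[0] << 8) | rec[1]);
    if (len > OUT_BUF) return r;                    /* too big for out[] */
    if (len > rec_len - 2) return r;                /* truncated record */
    r.accepted = 1;
    r.copy_len = len;
    return r;
}

/* Copies the payload into out[] only when the hardened check accepts it.
 * Returns the number of bytes copied, or -1 if the record was rejected. */
int copy_payload(const uint8_t *rec, size_t rec_len, uint8_t out[OUT_BUF]) {
    len_check r = check_len_unsigned(rec, rec_len);
    if (!r.accepted) return -1;
    memcpy(out, rec + 2, r.copy_len);
    return (int)r.copy_len;
}

int main(void) {
    /* Constructed sample records. */
    const uint8_t good[] = {0x00, 0x04, 'A', 'B', 'C', 'D'};
    const uint8_t bad[]  = {0xFF, 0xFF, 'A', 'B'};   /* length field 0xFFFF */
    uint8_t out[OUT_BUF];

    len_check s = check_len_signed(bad, sizeof bad);
    len_check u = check_len_unsigned(bad, sizeof bad);
    printf("0xFFFF length: signed check accepted=%d copy_len=%zu\n",
           s.accepted, s.copy_len);
    printf("0xFFFF length: unsigned check accepted=%d\n", u.accepted);
    printf("good record: copied %d bytes\n", copy_payload(good, sizeof good, out));
    return 0;
}
```

The defensive point is the pair of bounds in `check_len_unsigned`: a parsed length must be compared as an unsigned quantity against both the destination buffer and the bytes remaining in the input, since either bound alone still leaves a memory-safety hole.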
Apple's advisory noted that the impact of the IOMobileFrameBuffer flaw is that malicious code running as the user may gain system privileges.
"An invalid type conversion issue exists in the use of IOMobileFrameBuffer queueing primitives, which may allow malicious code running as the user to gain system privileges," Apple's advisory states.
"Apple released this fix less than 10 days from the time it went public on July 6, just like they did last time there was a serious jailbreak vulnerability," Andrew Storms, director of security operations for nCircle, said in an email to InternetNews.com.
The jailbreaking tool that took advantage of the PDF issues enabled users to simply visit a website and click a button in order to jailbreak an iOS device. Although iOS 4.3.4 itself has already been jailbroken, the patch has made it harder for users or attackers to jailbreak an iOS device.
"We have a new redsn0w 0.9.8b3 that supports a TETHERED jailbreak for iOS 4.3.4 on all devices that have 4.3.4 except the iPad2," a notice on one popular jailbreaking site (http://blog.iphone-dev.org/redsn0w-iOS5) stated. "The vast majority of people will want to stay back at 4.3.3 because that's where the untethered jailbreak is! There are no new features in 4.3.4, only fixes for jailbreak exploits."
According to nCircle's Storms, the 'click-and-be-hacked' potential of the iOS flaw showed hackers that this bug could have been used to distribute a wide variety of malware.
"Fortunately for Apple and millions of iPhone users, so far we haven't seen massive attacks using this bug in the wild," Storms said. "Now we just have to wait and hope users will install the latest patches as soon as possible because there are no known mitigations available."