Apple updates iPhone, iPad for "jailbreak" flaw

Share this article:
Apple on Wednesday issued updates for its iOS mobile operating system to fix a vulnerability being widely used to jailbreak the latest iPhone.

The updated operating system versions are iOS 4.0.2 for iPhone and iPod Touch devices, and iOS 3.2.2 for iPad devices.

The updates fix a stack buffer overflow vulnerability in the way Mobile Safari handles PDF files on iOS-powered devices, according to Apple's advisories. The flaw came to light last week when a group, called the Dev-Team, released hack details on the website JailbreakMe.com.

The site showed users how to jailbreak their iPhone, iPad and iPod Touch devices, which enables them to install unapproved applications.

Researchers have warned that while the jailbreak hack was not malicious, the same Mobile Safari flaw could easily be used to craft a more malevolent attack.

“Although we haven't yet seen malicious attacks via the jailbreakme vulnerability, we recommend to install the patch right away,” researchers at anti-virus firm F-secure wrote in a blog post Wednesday.

The flaw could lead to arbitrary code execution by viewing a PDF document with maliciously crafted embedded fonts, according to Apple's advisories.

Meanwhile, the iOS updates also fix an integer overflow flaw that could allow malicious code to gain system privileges.

The updates can be downloaded and installed using iTunes.

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.