
Apple delivers iOS patch for jailbreak flaw


Apple on Friday issued an update for its iOS mobile platform, addressing a security flaw being used to jailbreak iPad, iPhone and iPod Touch devices.

The update, iOS 4.3.4, arrived nine days after a hacker named Comex released Jailbreakme 3, a web-based tool that leverages the previously unknown PDF-related vulnerability to jailbreak iOS devices, including the iPad 2.

Friday's update fixes three flaws in total, including the PDF-rendering flaw, which affects Apple's CoreGraphics framework and could allow an attacker to take control of an affected device, according to Apple's advisory. The bug could be exploited if a user is tricked into viewing a maliciously crafted PDF file.

Following the release of the jailbreak tool, Apple promptly said it was working on a fix. Researchers warned the flaw would soon be exploited to install malware on affected devices.

The Cupertino, Calif.-based computing giant appears to have beaten attackers to the punch. No malicious attacks using the vulnerability have been identified, Patrik Runald, senior manager for security research at web security firm Websense, said Friday on Twitter.

The update is available for the GSM model of the iPhone 4 used by AT&T customers, as well as the iPhone 3GS, iPad 2, iPad, and third- and fourth-generation iPod Touch devices.

A separate patch, iOS 4.2.9, which addresses the same flaws, was released for the CDMA version of the iPhone 4, used by Verizon customers.
