Apple updates iPhone, iPad for "jailbreak" flaw

Powered by SC Magazine
 

Flaw could lead to arbitrary code execution.

Apple has issued updates for its iOS mobile operating system to fix a vulnerability being widely used to jailbreak the latest iPhone. The updated operating system versions are iOS 4.0.2 for iPhone and iPod Touch devices, and iOS 3.2.2 for iPad devices.

The updates fix a stack buffer overflow vulnerability in the way Mobile Safari handles PDF files on iOS-powered devices, according to Apple's advisories. The flaw came to light last week when a group, called the Dev-Team, released hack details on the website JailbreakMe.com.

The site showed users how to jailbreak their iPhone, iPad and iPod Touch devices, which enables them to install unapproved applications.

Researchers have warned that while the jailbreak hack was not malicious, the same Mobile Safari flaw could easily be used to craft a more malevolent attack.

“Although we haven't yet seen malicious attacks via the jailbreakme vulnerability, we recommend to install the patch right away,” researchers at anti-virus firm F-secure wrote in a blog post.

The flaw could lead to arbitrary code execution by viewing a PDF document with maliciously crafted embedded fonts, according to Apple's advisories.

Meanwhile, the iOS updates also fix an integer overflow flaw that could allow malicious code to gain system privileges.

The updates can be downloaded and installed using iTunes.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


Apple updates iPhone, iPad for "jailbreak" flaw
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1071

Vote