Apple has rushed out a patch for multiple
security holes that allowed ‘drive-by download’ jailbreaking of iPhone
and iPad devices.
The flaws, exploited by the Jailbreakme.com
project, essentially allowed remote code execution attacks via
specially rigged fonts and escalation of privileges to escape the iOS
sandbox. The Jailbreakme.com project used rigged PDF files to deliver
the malformed fonts.
Here’s the skinny on the three vulnerabilities patched by Apple with the iOS 4.3.4 software update:
- CoreGraphics (CVE-2010-3855) – Viewing a
maliciously crafted PDF file may lead to an unexpected application
termination or arbitrary code execution Description: A buffer overflow
exists in FreeType’s handling of TrueType fonts. - CoreGraphics (CVE-2011-0226) – Viewing a
maliciously crafted PDF file may lead to an unexpected application
termination or arbitrary code execution Description: A signedness issue
exists in FreeType’s handling of Type 1 fonts. - IOMobileFrameBuffer (CVE-2011-0227) – Malicious
code running as the user may gain system privileges. An invalid type
conversion issue exists in the use of IOMobileFrameBuffer queueing
primitives, which may allow malicious code running as the user to gain
system privileges.
The iOs 4.3.4 update is available for iOS 3.0 through 4.3.3 for
iPhone 3GS and iPhone 4 (GSM); iOS 3.1 through 4.3.3 for iPod touch (3rd
generation) and later; and iOS 3.2 through 4.3.3 for iPad.
[Thanks: http://www.zdnet.com]
Related Posts;
Apple is gearing up for production of the next iteration of its iPhone line, and has begun ordering parts from its supply chain, according to a detailed report from The Wall Street Journal. The newspaper offered details on when it will ship (September) the form factor (thinner than the iPhone 4), the wireless chips used (Qualcomm), and an improved camera on the device (8 megapixels).
Not all of these bullet points are new — informed speculation that Apple would ship the iPhone 5 (or 4S) in September began in earnest more than three months ago — but they do come with The Journal’s reputation for properly sourced material and information vetting.
The report also included a caveat that a September launch could be delayed if Hon Hai Precision was unable to improve yield during its manufacturing of the iPhone. If true, it would suggest that Apple is serious about being able to meet demand when the device launches, rather than playing catchup for weeks or months afterwards.
Related Posts;
Search
Follow me on TwitterPages
- Apple iCloud: How vs What
- Apple iPad 2 with Wi-Fi + 3G 64GB
- Buy iPhone Now
- Expert Review: Apple iPhone 4S
- Review: Apple iPhone
- Review: Apple iPhone 4S
- Verizon iPhone 4: Thoroughly Reviewed
Recent post
- iPhone Buyers Hit Redial
- Nearly 1 Million People Jailbroke Their iPhone or iPad Over the Weekend
- Should I upgrade to the iPhone 4S for Siri?
- Android stays ahead of iPhone surge in US (despite what Nielsen thinks)
- Strong iPhone 4S Sales Narrows Market Gap between iOS, Android
- Insanely Great idea: Build utilitarian iPhone accessories locally, not offshore
- Club Med Launches Innovative Application for iPhone and iPad
- Boogieman Radar
- RIM collapsing as Apple iPhone wins the enterprise
- Supreme Court says police must get search warrant to use GPS tracking devices
Tag cloud
- .app 3G 3gs amp Android Apple Apple iPhone application apps BlackBerry company device download Google handset information iOS ipad iPhone iphone 4 iPhones iPod iPod Touch iTunes launch mac market network release service smartphone software Steve Jobs store technology Time touch User Verizon version video way week World year
Categories
- ipad (28)
- iPhone download (196)
- iPhone Game (214)
- iPhone News (6761)
- iPhone product (137)
- iPhone Thailand (9)
- iPhone Tips (222)
- iPod Touch (14)
- Mac news (19)
- News (52)
- Rumor (145)
- Uncategorized (38)
- Wallpapers (2)
surfgopher.com
