Apple has pushed out iOS 4.3.4 to fix a vulnerability in the iPhone operating system that affects the way the device handles PDF files. That PDF bug is the same one that was used by the Jailbreakme.com site to enable users to jailbreak their iPhones.
Apple said last week that it would patch the PDF vulnerability, but did not disclose a timeline for doing so. On Friday, the new version of iOS began showing up for download in iTunes. The update release notes say that iOS 4.3.4 includes the PDF fix, but don’t specify any other security fixes.
The Jailbreakme.com site, which has previously published two other jailbreak exploits, went active again last week with a new jailbreak exploit that used the PDF vulnerability and a local privilege-escalation exploit to bypass ASLR and DEP and jailbreak users’ iPhones. When the new jailbreak went live, security researchers were impressed by the work.
“iOS is pretty secure – arguably the most secure mobile operating system. So you’ve got to wonder ‘how did this dude totally circumvent it?’” Charlie Miller, of Accuvant Labs, said at the time. “ASLR and DEP are about making things hard. They make a lot of bugs useless. But [Comex] found a really special bug.”
Researchers said that the jailbreak PDF bug could be used as a target for drive-by download attacks if it wasn’t patched quickly. There haven’t been any public reports of such attacks on the vulnerability, and Apple got the patch out in less than two weeks from the time the new jailbreak went public.