Less than two weeks after exploits for a pair of serious security vulnerabilities were fitted into an automated JailbreakMe.com exploit, Apple has rushed out a patch to block the jailbreaking of iPhone, iPad and iPod Touch devices.
The iOS 3.2.2 (for iPad) and iOS 4.0.2 (iPhone and iPod Touch) updates correct two flaws — a stack buffer overflow in FreeType’s handling of CFF opcodes, and a privilege escalation issue in IOSurface — that combined to expose Apple’s devices to takeover if a user simply surfs to a rigged Web site.
The vulnerabilities were used by the JailbreakMe.com site and pranksters even used the site to mess with display devices in Apple/Best Buy stores (see video).
Here’s the skinny on the two vulnerabilities:
- FreeType (CVE-2010-1797) – A stack buffer overflow exists in FreeType’s handling of CFF opcodes. Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution. This issue is addressed through improved bounds checking.
- IOSurface (CVE-2010-2973) An integer overflow exists in the handling of IOSurface properties, which may allow malicious code running as the user to gain system privileges. This issue is addressed through improved bounds checking.
Apple usually takes an inordinately long time to fix security holes affecting iPhones so the speed with which this update was released shows that the company’s security team can indeed push out fixes much faster.