06Aug2010

Software Fix for iOS PDF-Handling Vulnerability Awaiting Release

CNET reports that Apple has developed a software fix for the iOS security hole exploited to enable a Web-based jailbreak over the weekend, and that the fix will be deployed in an upcoming software update.

On Wednesday an Apple spokeswoman said in a statement, “We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update.”

Apple declined to say when the update would be pushed out.

Apple had reported just yesterday that it was investigating the issue, which actually comprises a pair of flaws, and has obviously moved rapidly to close the security hole.

There are two distinct vulnerabilities in the iPhone uncovered with the jailbreak software’s release, principal analyst Charlie Miller of Independent Security Evaluators told CNET Tuesday. One flaw is in the way the browser parses PDF files, enabling the code to get inside a protective sandbox, and the other hole allows code to break out of the sandbox and get root, or control, privileges on the device.

While the vulnerability was exploited to offer users a simple method to jailbreak their iOS devices in this case, it could easily be used as an entry point for the execution of malicious code.

To read more please click here