Apple Security Updates Fix Critical iOS Flaws


Apple on Wednesday followed through on last week's pledge to issue fixes for two critical security vulnerabilities in iOS that could have disastrous implications for iPhone and iPad users.

Apple's iOS 4.0.2 Update for iPhone and iPod touch and iOS 3.2.2 Update for iPad address the security holes that were highlighted in the Jailbreakme 2.0 release, which showed how to defeat two separate layers of security that Apple has built into the OS.

Attackers could exploit the first vulnerability by getting a user to click on a PDF document with maliciously crafted embedded fonts, and the second flaw could allow the attacker to obtain elevated privileges and gain complete control over the device.

Apple has addressed both iOS vulnerabilities "through improved bounds checking," the company said in the security updates.

Apple last week said it had developed a fix for the vulnerabilities and would release it to customers in a forthcoming software update, although the company didn't offer a timeframe. Apple obviously didn't want to give attackers time to develop an exploit, and its quick response underscores the flaws' potential for serious harm.

The French research firm Vupen Security warned last week that the iOS vulnerabilities were being exploited to remotely jailbreak Apple devices.

"The website redirects the browser to the appropriate PDF exploit file depending on the device model and version and then executes a first stage payload," Vupen Security said in a bulletin last week. "Once done, a second stage payload is executed to gain root privileges on the device by exploiting the kernel vulnerability."

Apple isn't a fan of jailbreaking, but in this case the iPhone Dev Team, which created Jailbreakme 2.0, helped alert the company to what are probably the most serious flaws in iOS to date.

But Apple's security fixes will probably cause Jailbreakme 2.0 to stop functioning, so it's back to the drawing board for researchers. Still, it will probably be days, as opposed to weeks, before Jailbreakme 3.0 is released.