Apple has issued an emergency update for devices running the iOS4 mobile operating system.
iOS4.0.2 plugs the security hole exploited by the iPhone Dev Team to allow pain-free jailbreaking of the iPhone 4 and its manifold siblings as well as… actually, that’s about it.
Apple’s official statement on the matter says that the update – which is available for iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (second generation) and later – fixes an issue whereby viewing a PDF document with maliciously-crafted embedded fonts could allow arbitrary code execution.
The kind of maliciously-crafted PDF used by the Jailbreakme.com exploit, for example.
Apparently, a stack buffer overflow existed in the way FreeType handled CFF opcodes but the issue has been overcome with better bounds checking.
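To show what "better bounds checking" means for this class of bug, here is a simplified sketch added to this article; it is not FreeType's or Apple's code. It walks a CFF-style charstring and refuses to push past the end of a fixed operand stack. The names `cs_push` and `cs_validate`, the 48-entry limit and the rule that every operator clears the stack are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define CS_STACK_MAX 48  /* assumed operand-stack limit for this sketch */
enum { CS_OK = 0, CS_STACK_OVERFLOW = -1, CS_TRUNCATED = -2 };

struct cs_state { int32_t stack[CS_STACK_MAX]; size_t top; };

/* Every push is checked against the array size; an unchecked push is the bug class. */
static int cs_push(struct cs_state *s, int32_t v)
{
    if (s->top >= CS_STACK_MAX)
        return CS_STACK_OVERFLOW;
    s->stack[s->top++] = v;
    return CS_OK;
}

/* Hypothetical validator: number bytes push operands, every operator clears the stack. */
int cs_validate(const uint8_t *p, size_t len)
{
    struct cs_state s = { {0}, 0 };
    size_t i = 0;
    while (i < len) {
        uint8_t b = p[i++];
        int32_t v;
        if (b >= 32 && b <= 246) {              /* one-byte integer */
            v = (int32_t)b - 139;
        } else if (b >= 247 && b <= 254) {      /* two-byte integer */
            if (i >= len) return CS_TRUNCATED;
            int neg = b >= 251;
            v = (((int32_t)b - (neg ? 251 : 247)) << 8) + p[i++] + 108;
            if (neg) v = -v;
        } else if (b == 28 || b == 255) {       /* 2- or 4-byte number follows */
            size_t n = (b == 28) ? 2 : 4;
            if (len - i < n) return CS_TRUNCATED;
            uint32_t u = 0;
            while (n--) u = (u << 8) | p[i++];
            v = (b == 28) ? (int16_t)u : (int32_t)u;
        } else {                                /* operator (12 = two-byte escape) */
            if (b == 12 && i++ >= len) return CS_TRUNCATED;
            s.top = 0;
            continue;
        }
        if (cs_push(&s, v) != CS_OK) return CS_STACK_OVERFLOW;
    }
    return CS_OK;
}

int main(void)
{
    uint8_t cs[60];                             /* constructed input: 60 numbers, no operator */
    for (size_t k = 0; k < sizeof cs; k++) cs[k] = 139;
    return cs_validate(cs, sizeof cs) == CS_STACK_OVERFLOW ? 0 : 1;
}
```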
The update is available through the normal iTunes channel, and automatically updates the firmware to 4.0.2. It doesn’t, however, fix either of the major problems which have been plaguing Apple and its latest smart phone. The death grip antenna problem is as bad as ever and this latest update surely puts a final nail in the hope that a software fix was possible. The proximity sensor balls-up, which reportedly can be fixed with a firmware tweak, will have to wait until iOS4.1 is released.
Starting the update process brings up the usual End User blurb, but an unfamiliar notification window pops up before you can continue the update. We might be mistaken but we don’t recall anything like this on previous iOS updates.
As expected, Apple’s servers were swamped with downloaders when we installed the update this morning, meaning we had to wait an unreasonable 45 minutes or so for the patch to download.
Eventually, everything installs without a hitch and the firmware is updated to 4.0.2.
Now if our theory is right, a quick visit to jailbreakme.com is in order. Oh dear. Suspicion confirmed.
The iPhone Dev Team has bragged that it has already found ‘thousands’ of similar holes in iOS4 to pick at, so don’t be surprised if Comex and his band of pesky cohorts come up with a new jailbreaking methodology in a matter of days, if not hours.
Given that there are so few viable reasons for users to jailbreak the iPhone nowadays (other than the always-irritating ‘sticking it to the man’ defence), maybe it’s time for Apple to just sit back and let them get on with it?