iOS updates plug PDF holes

Apple on Friday moved to plug the vulnerabilities in MobileSafari flagged up ten days ago by the German government. The weaknesses could allow maliciously crafted PDF files to infect iDevices without installing additional malware, the Germans warned.

So now the king of consumer gadgetry has issued two flavours of the update, aimed at plugging the holes in all its iDevices.

One update for iPad and iPad 2, later iPod Touch devices, standard (GSM) iPhone 4s and the iPhone 3GS, is labelled iOS 4.3.4. A separate update for CDMA iPhone 4s is labelled iOS 4.2.9.

Apple confirmed a vulnerability exists in FreeType's handling of Type 1 fonts, which a maliciously crafted PDF file could use to execute arbitrary code. It also said an invalid type conversion 'issue' exists in the use of IOMobileFrameBuffer queueing primitives, which could allow malicious code running as the user to gain system privileges.

The update is likely to disable the latest web-based JailbreakMe exploit, which unlocks the innards of an iDevice, allowing software not screened by Apple to be installed.

We'll have to wait and see how long it takes the Jailbreakers to work around this latest Band-Aid.