Apple closes iPhone jailbreak vulnerability
Apple has released iOS 4.0.2 for iPhones and iOS 3.2.2 for iPads to close the two vulnerabilities which were used to jailbreak iPhones, iPod touches and iPads through the web browser. Jailbreaking removes Apple's controls over what can be installed on the device and is used to install third-party applications that Apple has not approved. The vulnerabilities are believed to have been exploited only for jailbreaking so far, but they exposed the devices to a malicious attack through the web browser that required nothing more than the user viewing a crafted PDF file.
The first vulnerability, a stack overflow in the PDF rendering components of the iPhone operating system, allowed code to be executed remotely by manipulating the embedded fonts in a PDF document. The code run this way then exploited the second vulnerability, an integer overflow in IOSurface, which could be used to elevate privileges and gain system-level access. The first flaw is actually in the open source FreeType library, which Apple and other vendors use for font rendering.
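Because the attack chain above starts with a PDF that carries a crafted embedded font, one defensive check is to triage PDFs for embedded font programs before they reach a renderer. The following Python script is an added example, not code from the article, Apple, F-Secure or Comex; it flags the FontDescriptor keys that reference embedded fonts, looks inside FlateDecode-compressed streams as well, and runs against constructed sample PDFs embedded inline.

```python
import re
import zlib

# A PDF FontDescriptor references an embedded font program with one of these keys:
# /FontFile = Type 1, /FontFile2 = TrueType, /FontFile3 = CFF (Type1C) / OpenType.
FONT_FILE_RE = re.compile(rb"/FontFile([23]?)(?![0-9A-Za-z])")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
KIND = {b"": "Type1", b"2": "TrueType", b"3": "CFF/OpenType"}

def expand_streams(data: bytes) -> bytes:
    """Raw file plus the inflated body of every FlateDecode stream, so font
    references tucked inside compressed object streams are searchable too."""
    parts = [data]
    for m in STREAM_RE.finditer(data):
        try:  # decompressobj tolerates a stream cut short by the regex boundary
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not zlib data: image data, another filter, or junk
    return b"\n".join(parts)

def scan_pdf(data: bytes) -> dict:
    """Count embedded font programs by type. A non-zero total means rendering
    the file will drive the font parser, so it deserves closer inspection."""
    counts = {name: 0 for name in KIND.values()}
    for m in FONT_FILE_RE.finditer(expand_streams(data)):
        counts[KIND[m.group(1)]] += 1
    return {"fonts": counts, "embedded_font_count": sum(counts.values())}

def _pdf(body: bytes) -> bytes:
    """Constructed minimal PDF skeleton (enough for the scanner, not for a viewer)."""
    return b"%PDF-1.4\n" + body + b"\n%%EOF\n"

def _flate_stream(obj: bytes) -> bytes:
    """Constructed object stream whose dictionary is only visible after inflating."""
    packed = zlib.compress(obj)
    return (b"5 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n" % len(packed)
            + packed + b"\nendstream\nendobj")

# Constructed samples: a plain-text descriptor, one hidden in a compressed stream,
# and a document that only names a standard (non-embedded) base font.
PLAIN = _pdf(b"4 0 obj\n<< /Type /FontDescriptor /FontName /Foo /FontFile2 6 0 R >>\nendobj")
HIDDEN = _pdf(_flate_stream(b"<< /Type /FontDescriptor /FontFile3 7 0 R >>"))
CLEAN = _pdf(b"3 0 obj\n<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>\nendobj")

if __name__ == "__main__":
    for name, doc in (("plain", PLAIN), ("hidden", HIDDEN), ("clean", CLEAN)):
        print(name, scan_pdf(doc))
```

The check is a coarse heuristic: an embedded font is a legitimate feature, so a hit marks a file for sandboxed rendering or further analysis rather than proving it malicious.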
According to Apple's details, the vulnerabilities exist on iOS 2.0 and later on iPhones, iOS 2.1 and later on the iPod touch, and iOS 3.2 and 3.2.1 on the iPad. The update is not mandatory, but all users will be offered it through iTunes. Installing the update will undo any jailbreak previously applied to the device. The updates are 579MB for the iPhone 4, 456MB for the iPad and 378MB for the iPhone 3GS, and they contain no changes apart from the fixes for the vulnerabilities.
Security experts at F-Secure advised users that, despite no malicious attacks having appeared for the vulnerabilities, they should install the updates "right away". They also warned users of jailbroken devices who are not planning to update, in order to retain their jailbroken status, that they "will have to face the increased likelihood of malicious attacks through this vulnerability"; the author of jailbreakme, Comex, published the source code for the exploit and jailbreak yesterday.