Softpedia
 


August 11th, 2010, 19:37 GMT · By

Apple Patches Critical iOS Vulnerabilities

iOS updates released to address critical jailbreaking vulnerabilities
Apple has released updates to its iOS platform which address the critical PDF reader and I/O Kit vulnerabilities exploited by the JailbreakMe service to unlock devices.

iOS 4.0.2 was made available for iPhone and iPod touch and iOS 3.2.2 for the iPad. As usual, people can download and install the updates through iTunes.

At the beginning of this month, a website called JailbreakMe.com baffled security researchers when it began allowing iPhone, iPad and iPod touch users to unlock their devices by simply visiting it.

After some investigation and reverse engineering, the experts discovered that the service exploited two previously unknown vulnerabilities in Apple's iOS operating system.

The sophisticated jailbreaking method, which involved chaining two exploits together by using one as the payload for the other, even managed to impress reputed Apple hacker Charlie Miller.

However, the attack worried some antivirus vendors, which issued warnings that malicious hackers could start leveraging the JailbreakMe exploits to infect users with malware.

The risk became even higher when it was revealed that one of the vulnerabilities, which affected iOS' native PDF reader, was actually located in code borrowed from an open source font engine called FreeType, which is used by other software projects as well.

"A stack buffer overflow exists in FreeType's handling of CFF opcodes. Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution," Apple explains in its newly released advisory.

The other vulnerability is in the operating system's driver framework, known as the I/O Kit, and consists of an integer overflow in the handling of IOSurface properties.

According to the iPhone maker, both vulnerabilities, identified as CVE-2010-1797 and CVE-2010-2973, were fixed by improving bounds checking.

Apple's incident response for the JailbreakMe exploits has been one of the fastest, if not the fastest, in the company's history, which led some people to ask why the vendor doesn't treat other critical vulnerabilities with a similar priority.

"Apple no patchy os x. Is it not vulnerable or do they only care in stopping jailbreaking?," Charlie Miller wrote on his Twitter feed after the iOS updates were announced.

You can follow the editor on Twitter @lconstantin
