PDF Exploit Patched in iOS 4.0.2

ByMike Moffit

This time last week, Apple released the second revision to its iOS4 mobile operating system. This incremental update is focused entirely on patching a security vulnerability associated with Safari’s handling of PDF files. Under the previous iterations of the OS, a malicious PDF file could break through security by exploiting and subsequently crashing the Compact Font Format Handler in Safari. Introduced alongside comex’s fairly innocuous web based “JailbreakMe” exploit, this vulnerability has raised several security concerns. Though the jailbreak is legitimate, the same PDF exploit easily opens the gateway to malicious attacks which could put a user’s data and hardware at risk. Though no such attacks have been reported, a user would merely have to open a PDF to put themselves at risk.

Sensing the potential danger, and attempting to maintain their grasp over unlocked phones, Apple was quick to roll out an update. Though this update fixes the Safari security vulnerability, it also disables any “extra” features users may have enabled on their devices. While the update weighs in at a sizable 500MB, it addresses no other issues besides the Safari exploit. Users experiencing other issues under iOS4 will unfortunately have to wait until iOS 4.1 before their problems are further addressed.

Releasing a fix for iPad users as well, Apple has updated the iPad’s OS to version 3.2.2. Both updates can be easily downloaded through iTunes. Upon syncing your device, you should be automatically prompted with a message alerting you to the update. As always, we recommend backing up your device before performing a software update.

Similar Posts

  • Apple Announces iOS 5

    Apple today previewed iOS 5, the next major iteration of its mobile iOS operating system. Sporting a fall release, iOS 5 contains over…

  • Office 2007 .DOCX Issues

    A couple of months ago, Microsoft released Office 2007 for Windows PCs. This new version of Office uses a new file format called…

  • Changes Abound in AT&T's Newly Announced Tethering and Data Plans

    As of this morning, AT&T has officially announced tethering for iPhone. While this feature is long overdue and will undoubtably make many iPhone customers happy, not all of the news is good. With the announcement of tethering, AT&T has also made some major changes to both the iPhone and iPad data plans. By far the most controversial move on AT&T’s part is the introduction of data limits on their previously “Unlimited” 3G data plans.

    Starting June 7th, AT&T will do away with their $30 unlimited plan for new iPhone users. In its place, two new plans with limited data caps will be introduced.

    *Data Plus: 200MB for $15/month. (Additional 200 MB for an extra $15)*

    This plan seems most ideal for “light” iPhone users, or those who have consistent Wi-Fi access throughout their day. Still, the plan seems a little stingy for anyone looking to stream any kind of media over the 3G network even if it is for a short period of time. Even regular web browsing/emailing over 3G can add up quickly when navigating to data rich pages or downloading attachments.

    *Data Pro: 2GB for $25/month. (Additional 1 GB for an extra $10)*

    While AT&T claims 98% of iPhone users use less than 2GB/month, the prospect of a limited data plan still seems a bit frightening. For anyone regularly streaming video to their device over 3G via apps like “Air Video”:http://www.inmethod.com/air-video/index.html;jsessionid=471FDB20A2C224C651F1FB031E413F4B, it is possible to hit 2GB of data in only a few days of regular use. Even over the course of a month, regularly using streaming radio apps like Pandora or Slacker can seriously add up.

    *Tethering: Extra $20/month for Data Pro Customers*

    Tethering is slated to be deployed with the release of iPhone OS 4.0 sometime this summer. As of now, the option is only available for Data Pro ($25/mo.) customers. The added $20/month to enable tethering raises the price of the comprehensive package to $45/month. That’s $15 more than the current Unlimited plan, but with the 2GB/mo. cap still in place.

    The newly established Data Plus plan will become available on the 7th, and the Data Pro plan will replace the formerly available $30/month unlimited data option. AT&T has confirmed that this new limited plan will replace the current $30 Unlimited iPad plan as well.

    If this isn’t quite music to your ears, don’t fret. AT&T claims that existing iPhone and iPad users with unlimited data plans will be “grandfathered” into the new program. This essentially means that existing iPhone and iPad users will be able to keep their current unlimited plans with the option of opting for a new plan at some point in the future if they choose.

    This controversial move has riled up some customers and has generated a very mixed response towards AT&T. While light data users will benefit from the option of the cheaper $15/month Data Plus plan, the majority of iPhone and especially iPad users who enjoy streaming media services such as Pandora and Netflix over 3G will likely feel a bit upset. While I have my own opinions regarding this issue, it would be great to hear other thoughts as well.