PDF Exploit Patched in iOS 4.0.2

This time last week, Apple released the second revision to its iOS4 mobile operating system. This incremental update is focused entirely on patching a security vulnerability associated with Safari’s handling of PDF files. Under the previous iterations of the OS, a malicious PDF file could break through security by exploiting and subsequently crashing the Compact Font Format Handler in Safari. Introduced alongside comex’s fairly innocuous web based “JailbreakMe” exploit, this vulnerability has raised several security concerns. Though the jailbreak is legitimate, the same PDF exploit easily opens the gateway to malicious attacks which could put a user’s data and hardware at risk. Though no such attacks have been reported, a user would merely have to open a PDF to put themselves at risk.

Sensing the potential danger, and attempting to maintain their grasp over unlocked phones, Apple was quick to roll out an update. Though this update fixes the Safari security vulnerability, it also disables any “extra” features users may have enabled on their devices. While the update weighs in at a sizable 500MB, it addresses no other issues besides the Safari exploit. Users experiencing other issues under iOS4 will unfortunately have to wait until iOS 4.1 before their problems are further addressed.

Releasing a fix for iPad users as well, Apple has updated the iPad’s OS to version 3.2.2. Both updates can be easily downloaded through iTunes. Upon syncing your device, you should be automatically prompted with a message alerting you to the update. As always, we recommend backing up your device before performing a software update.