August 9, 2010, 11:15AM
Apple Readies Patch for Jailbreakme.com Vulnerability
Comment 
USA Today's Byron Acohido is reporting that Apple plans to rush out a patch for the drive-by download flaw that allows jailbreaking if an iPhone, iPad or iPod Touch device simply surfs to a web site.
"The patch is completed, Apple spokeswoman Natalie Kerris said in an interview. But Kerris said on Friday that she was not able to give a time frame for its public release," Acohido wrote.
The vulnerability, in the way Apple's iOS processes CFF fonts, could lead to remote code execution. I
Here's the gist of the issue, from a US-CERT advisory:
By causing an application that uses FreeType to parse a specially-crafted CFF font, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. This can occur as the result of opening a PDF document or viewing a web page.
In the jailbreakme.com exploits, this flaw is being combined with a privilege escalation issue to get around Apple's security mechanisms.
Recommended Reads
Commenting on this Article is closed.
Today's Most Popular
Most Commented Stories
-
Mac OS X Sandbox Security Hole Uncovered (6)
-
Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit (6)
-
Flash With Sandbox in the Works for Firefox (4)
-
Anonymous Leaks FBI, Scotland Yard Phone Call Detailing Hacking Investigations (6)
-
Privacy Fail: Is Uncle Sam Encouraging Bad Security? (8)
Newsletter Sign-up
Take Our Poll
Follow Threatpost
 |  |  |  |
| Tumblr |
