iPhone 4.0.2/iPad 3.2.2 Update Patches JailbreakMe Vulnerabilities
Apple has today released iOS 4.0.2 (and iOS 3.2.2 for iPad) which patches the two vulnerabilities used by JailbreakMe. The first, as I mentioned in my original post on the topic, was in FreeType, a font engine library. Apple describes the issue as:
A stack buffer overflow exists in FreeType’s handling of CFF opcodes. Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution. This issue is addressed through improved bounds checking.
The second vuln was in IOSurface, and allowed the exploit to escalate privileges to root, thus breaking out of Mobile Safari’s sandbox. IOSurface is a framework that contains low-level interfaces for sharing graphics surfaces between applications. The vulnerability is described as:
An integer overflow exists in the handling of IOSurface properties, which may allow malicious code running as the user to gain system privileges. This issue is addressed through improved bounds checking.
Apple’s original description of this update can be found here. Note that neither of these vulnerabilities was attributed to anyone (possibly because they weren’t actually disclosed through the proper channels).
These remotely exploitable vulnerabilities are quite severe, and I definitely recommend that all iPhone (and iPad) users apply this update (including those of you who like to jailbreak).
Let’s see what the next Jailbreak will bring.
[Update 12/8/10] The source code for both of the exploits used by JailbreakMe is now available here.