Apple releases iOS 4.3.4 to fix latest jailbreak vulnerability
As promised, Apple just issued the iOS 4.3.4 update for the iPhone, iPod touch and iPad, and though you won’t find any new features in this release, it does patch a vulnerability recently made public by the launch of a recent jailbreak exploit.
JailbreakMe 3.0 was launched earlier this month and is undoubtedly the easiest method of jailbreaking an iOS device. Traditional methods required a user to have a computer along with a copy of their firmware and a special program with which to perform the hack. JailbreakMe simply requires a user to visit a website in mobile Safari and begin the process, which takes just seconds.
The exploit works by using a security hole in Apple’s mobile Safari browser, through which a PDF file is loaded onto the device to gain access to root privileges. However, users could have potentially loaded “malicious” PDFs unknowingly while browsing the web, which could have caused all sorts of issues with their device.
Apple promised it would fix the vulnerability on July 7, shortly after the JailbreakMe 3.0 website went live, and it’s now available through iTunes.
The latest release is version 4.3.4 for GSM iPhones, or version 4.2.9 for the CDMA device built for Verizon. Apple’s release notes confirm the security fix:
iOS 4.3.4 Software Update
Fixed security vulnerability associated with viewing malicious PDF files.
Of course, updating to the latest release means you’ll lose your jailbreak and you won’t be able to use JailbreakMe again. For those wishing to maintain their jailbreak but are concerned about the security vulnerability, the iPhone Dev-Team recommends you install “PDF Patcher 2” from within Cydia which will patch the hole.