Everyone who doesn't upgrade deserves whatever happens next in regards to this vulnerability. Remote root exploits should be plugged ASAP by anyone who values their computing experience.



Next? If I was in the process of writing malicious code, I'd be thrilled jailbreakme.com put such a stigma around fixing this one. Look at this thread... All the work is already done, all that it needs now is a nasty payload.

+++

The media hypes up the slightest Apple vulnerability like none other. However, on this occasion, when Apple has a legitimate, and serious vulnerability, there is almost no talk of it.

This is a huge bug, and probably a bigger danger than any other, that Apple has released.

I wouldn't be surprised if the guy who discovered it, figured that the best way to compromise all these people's phones was to first use it to jailbreak iPhones, therefore ensuring that people did not apply the patch when Apple released it, although Apple has done a good job of releasing a patch within about a week of knowing the problem.
 
Well it looks like part of the Safari/PDF vulnerability was caused by the open source FreeType font library, as explained in Apple's security notes and this note from the FreeType guys

Thanks for the link :)

So the question is does Apple have the resources to fix such problems in third party libraries, or does it have to wait for the developers of these libraries to fix the problems first?

Like many things, I suppose it is a question of priorities. I would be interested to know if Apple is pre-empting problems by fuzzing and testing for vulnerabilities.
 
I wonder if this fixes the dreaded call answer issue. I have iPhone 4, and I can't answer half my calls. I flip the bar and it flips right back. Arghhh...
 
My phone froze during update... still in updating iPhone screen with bar not moving for about 1 hour :mad:
 
Well it looks like part of the Safari/PDF vulnerability was caused by the open source FreeType font library, as explained in Apple's security notes and this note from the FreeType guys: http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

I bet a lot of Apple's security issues are caused by the open source software they use. Probably any other software that uses FreeType will be vulnerable until patched, too.

So the question is does Apple have the resources to fix such problems in third party libraries, or does it have to wait for the developers of these libraries to fix the problems first?

Surely they can fix it and then open-source the solution.
 
I wouldn't be surprised if the guy who discovered it, figured that the best way to compromise all these people's phones was to first use it to jailbreak iPhones, therefore ensuring that people did not apply the patch when Apple released it, although Apple has done a good job of releasing a patch within about a week of knowing the problem.

Or not, since dev team is one of the most well-respected hacking groups around.

The only thing I will say, is that the jailbreak made the exploit widely known, such that someone else might learn about it and try to use it. But at the same time, making the exploit widely known probably reduced the response time for Apple to fix it.
 
I don't understand why you would want 4.0 on a first gen iPhone. Just see what happens to the 3G with iOS 4. I guess it comes down to whether you would put up with the sluggishness for new features.
 
I don't understand why you would want 4.0 on a first gen iPhone. Just see what happens to the 3G with iOS 4. I guess it comes down to whether you would put up with the sluggishness for new features.

I don't want or need iOS4 on my iPT. I just want the security patch to my otherwise perfectly functional 3.1.3 device that's just under 2 years old. I shouldn't need to buy a new device to be secure.
 
Can anyone test "Handy Light" to see if it breaks the tethering on that easter egg app?
 
Starting to wonder if they are going to ignore the proximity sensor issues. Maybe it's the hardware, not the software? Wouldn't THAT be something - another hardware failure that they need to find a way to make it seem like it's the customer's fault. ...

I doubt they are ignoring the issue. And it's doubtfully a hardware issue either, as I've experienced the problem with my iPhone 3G after updating to iOS 4.x. Muted a couple of calls unexpectedly. Never happened before 4.x.

People need to realize how complex software development is. And that issues get tackled by different teams. Software development is usually "branched" to target different goals. When the PDF exploit was identified, Apple branched their stable iOS release, developed a fix, tested it, and then rolled out a release with just that fix in place. Fixes for the other issues are happening in parallel and will be rolled into iOS when they are ready. Simple as that.

The attitudes here astonish me. The Mac universe was much more pleasant before everybody and their dog was a user of Apple products.
 
I don't understand why you would want 4.0 on a first gen iPhone. Just see what happens to the 3G with iOS 4. I guess it comes down to whether you would put up with the sluggishness for new features.

As pointed out by someone else in response to your post, the first iPhone and 3G have the same processor and RAM. Despite just the 3G functionality being the big selling point, there may have been some other architectural changes that prevent iOS 4.0 from running well.

And I fully expect future updates (hopefully 4.1) to further fix the performance issues. They made some good progress with 4.0.1.
 
Let me get this straight... The only thing Apple "fixed" with this update was to close the loophole where you can jailbreak it from a website? So, nothing has been done for those iPhone 3G users like me, who have been suffering with horrible performance issues since upgrading to iOS4?
All Apple seems to care about is how you use the phone, and not how well the phone actually works. I'll remember this when it comes time to replace my phone in a few months, that is, if I can wait that long with this super slow iPhone 3G.
 
4.0.2 Otb?

Would the iPhone 4 I've ordered, which should ship in 4 days, contain firmware 4.0.2 OTB?

Could someone shed some light on this from past experiences?

Thanks.
 
Let me get this straight... The only thing Apple "fixed" with this update was to close the loophole where you can jailbreak it from a website? So, nothing has been done for those iPhone 3G users like me, who have been suffering with horrible performance issues since upgrading to iOS4?
All Apple seems to care about is how you use the phone, and not how well the phone actually works. I'll remember this when it comes time to replace my phone in a few months, that is, if I can wait that long with this super slow iPhone 3G.

4.1

Would the iPhone 4 I've ordered, which should ship in 4 days, contain firmware 4.0.2 OTB?

Could someone shed some light on this from past experiences?

Thanks.

You'll need to download the update.
 