Apple Readies Patch for Vulnerability

Type threatpost
Reporter Ryan Naraine
Modified 2013-04-17T16:36:22


USA Today’s Byron Acohido is reporting that Apple plans to rush out a patch for the drive-by download flaw that allows jailbreaking if an iPhone, iPad or iPod Touch device simply surfs to a web site.

“The patch is completed, Apple spokeswoman Natalie Kerris said in an interview. But Kerris said on Friday that she was not able to give a time frame for its public release,” Acohido wrote.

Related Posts

Apple Patches Trident Vulnerabilities in OS X, Safari

September 2, 2016 , 10:00 am

Putting Apple Bug Bounty Rewards in Perspective

August 10, 2016 , 11:00 am

iOS 9.3.4 Patches Critical Code Execution Flaw

August 8, 2016 , 9:00 am

The vulnerability, in the way Apple’s iOS processes CFF fonts, could lead to remote code execution. I

Here’s the gist of the issue, from a US-CERT advisory:

By causing an application that uses FreeType to parse a specially-crafted CFF font, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. This can occur as the result of opening a PDF document or viewing a web page.

In the exploits, this flaw is being combined with a privilege escalation issue to get around Apple’s security mechanisms.