A patch for a hack and an eye for a tooth. Apple is now offering an update that addresses the well publicized “malicious PDF” attack vector. Although, this hack hasn’t yet been associated with malicious attacks in the wild, jailbreakers and their app thieving fellow travelers have.
Apple has released iOS 4.2.9 Software Update (CDMA iPhone) and iOS 4.3.4 Software Update (GSM iPhone 4, iPhone 3GS, iPad 2, iPad, third and fourth generation iPod touch). The mothership’s simple description of what these updates do reads: “Fixes security vulnerability associated with viewing malicious PDF files.”
See also: Is 99 cents too much for an iPhone game?
However, according to a related knowledge base security article three distinct vulnerabilities — two in CoreGraphics, one in IOMobileFrameBuffer — have been addressed. Suffice it to say that the words “buffer overflow” and “arbitrary code execution” are associated with these issues and that should be enough motivation for you to download and install the appropriate iOS update.