APPLE-SA-2010-08-11-1 iOS 4.0.2 Update for iPhone and iPod touch  
Wednesday, August 11, 2010 at 09:32PM
drStrangeP0rk in Apple, CRITICAL, Updates, iOS4, iPhone, iPod

Apple has released updates to address CVE-2010-1797 (FreeType) and CVE-2010-2973 (IOSurface) vulnerabilities. These vulnerabilities were being used by the jailbreakme_com site which users could visit to jailbreak their phone. Reports of the vulnerability being exploited in the wild surface but were unsubstantiated. 

A PDF file could be used to exploit a stack buffer overflow in FreeType handling of CCF opcodes resulting in arbitrary code execution. The issue has been solved by establishing better bounds checking. In addition an integer overflow existed in the IOSurface which allowed elevated privileges to be gained. The combination of the above vulnerabilities resulted in a jail broken iPhone or could be leveraged by malicious attackers using spear phish, drive by downloads or mass malware assault. Users should update their IPhone and IPod Touch using iTunes immediately. 

Article originally appeared on magmatic.com (http://www.magmatic.com/).
See website for complete article licensing information.