Time: 2011-07-19 Quote From: Click:
As we’ve speculated over the last few days, iOS 4.3.4 made its debut on iTunes. The new release, without clear release notes, addresses the PDF exploit in Mobile Safari used by JailbreakMe.
The release notes aren’t clear, only alleging "security fixes", although we can confirm that JailbreakMe 3.0 doesn’t work in this release. Blocking this untethered jailbreak was Apple’s only goal with this release.
Any device supported by iOS 4.3, namely the 3rd and 4th generation iPod touch, the iPhone 3GS , the iPhone 4 and the iPad. While Apple clearly hadn’t planned for this release in advance, circumstances forced it: with such an important threat in the wild, not only allowing for a jailbreak, which in and of itself Apple dislikes, but also open up a huge breach that could lead unsuspecting users to have malware loaded onto their devices.
JailbreakMe 3.0 is a jailbreaking solution that allows devices to be hacked without a computer, just by pointing Mobile Safari to a JailbreakMe’s website. A pre-released version of this tool was leaked over the weekend, providing an untethered jailbreak for the iPad 2 for the first time ever before the final official release was made last week. Consequently, Apple began working on iOS 4.3.4 to address this issue.
It should be needless to say that if you’ve jailbroken or are planning to jailbreak your iPad 2 using JailbreakMe, stay away from this update and install PDF Patcher 2 from Cydia instead, which provides the same benefits as this update, plus it won’t break your jailbreak.. Most users might as well just wait for iOS 5, which should come out sometime in the Fall.
In order to install this update, connect your phone to your computer and launch iTunes, if it hasn’t launched automatically. From there, select your device from the sidebar, click on "Check for Updates" and select "Download and Install" when prompted. After a rather large download, your device should begin to update.
Direct Download Links for iOS 4.3.4 (Official from Apple)
After you’ve downloaded your device’s respective firmware, you can install the software manually by launching iTunes, locating your device on the sidebar and pressing "Restore" while holding the Shift key on Windows and Alt on the Mac.
Update 1: Apple has now published a support document, confirming that PDF exploit exposed by JailbreakMe 3.0 has been fixed.
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in FreeType’s handling of TrueType fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.