Apple has updated the iOS on iPhones and iPods through its iTunes service to fix two vulnerabilities, including the widely discussed .pdf security problem that made headlines earlier this month.

That hole (CVE-2010-1797) made it possible for a malicious PDF document with specially crafted embedded fonts to execute code on the devices. This was the same vulnerability that enabled a web site to jailbreak iPhones – a story that also made the news recently.

The patch also fixes a second weakness (CVE-2010-2973) in the handling of IOSurface properties, which could allow an intruder to run malicious code as the user and gain system privileges.

Update notice on Apple Support page here.

Tom Kelchner