Apple patches security hole in pair of iOS updates

Dan Moren
12 August, 2010
View more articles fromthe author

As promised last week, Apple delivered a patch to fix a pair of security vulnerabilities on iOS devices. The patch came in the double-barrelled form of iOS 4.0.2 for iPhone and iPod touch and iOS 3.2.2 for iPad, both of which the company released overnight.

The security patches are the only changes in the updates, but they’re significant ones. The first addresses a flaw in PDF handling that could allow a maliciously-crafted PDF to execute arbitrary code; the second hole allowed code to gain escalated privileges, allowing it to potentially affect other installed applications as well as the iOS software itself.

The pair of vulnerabilities were first uncovered by hackers, who used the combination of the two to enable jailbreaking of iOS devices via the web. Security experts quickly cautioned that a maliciously crafted PDF could theoretically use the hole for other, more nefarious purposes. Apple investigated the problem and said last week that it would soon offer a fix for the holes.

Both updates are available via iTunes upon connecting their respective iOS devices, but update size will vary by device model. iOS 4.0.2 is compatible with any iPhone 3G, iPhone 3GS, iPhone 4, or second- and third-generation iPod touch running iOS 4.0 or later; iOS 3.2.2 is compatible with iPads running iOS 3.2 or later.


5 people were compelled to have their say. We encourage you to do the same..

  1. Paul says:

    Just done the update and now has a brick which used to be a working iPhone 4. Not happy. Now left with no mobile phone and lives in rural NSW. Looks like I’m buggered

  2. Paul says:

    My iPhone 4 is heading back to Apple now that they couldn’t fix it over the phone. We think my phone was faulty from the start. I couldn’t tether with it and it’s signal was low even thou I live 3 houses down from the tower. Was going to take it onto a Apple store when in Melbourne next month but instead it’s now heading into Apple.

    It does make me wonder if others have had the same thing happen to their new iPhone 4. I was able to update my old iPhone 3GS to iOS 4.0.2 without an issue.

  3. AMW staff says:

    Good to hear you got it sorted, Paul. Let us know how the new phone goes.

  4. Paul says:

    I have had to make up a little adapter so my micro sim could work in my old iPhone 3GS. Just not happy that my new iPhone only lasted 3 days. I do think Apple should have something in place so people like myself are not left without a phone for as long as it’s going to be, but I guess no other communications/phone companies do this. They should do something for customers like myself that don’t live near Apple store or your phone carriers store. the closest Apple store for me in about 500kms away and it’s just as bad for my phone dealer.

  5. Paul says:

    Just receoved my replacement iPhone 4 from Apple. Very happy with Apple’s service. It took them less than 24 hours once they received my phone. In total it all took 1 week. Apple’s Apple Care was fast and the person I spoke to at Apple, Charmi.

    This was the first time I have had to return a Apple product and it’s been one of the best customer service I’ve received from a big company.

    People say some bad things about Apple and I now a few of them, well they wouldn’t get the type of service I’ve received from their PC (Windows) companies. This has just made me love Apple even more.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us