Two critical vulnerabilities in iPhone's iOS exploited in jailbreak - Update

[Peaches]

</h1>

<h1>Two critical vulnerabilities in iPhone's iOS exploited in jailbreak - Update

According to Vupen Security the PDF vulnerability exploit that allows iPhones to be jailbroken, to run non-Apple App Store apps, is actually two critical vulnerabilities. The vulnerabilities exist in iOS 3.x, 4.0 and 4.01 and affect iPhones, iPads and iPod touch devices.

The first vulnerability is, as previously reported, in the PDF rendering functionality of the iPhone, which allows an attacker to execute arbitrary code by inducing the processing of embedded font data to corrupt memory. This flaw in the Compact Font Format (CFF) handling can be exploited by merely tricking a user into visiting a specially crafted page. The second vulnerability is an error in the kernel, which allows attackers to elevate privileges and bypass the sandbox restrictions in iOS.

http://www.h-online.com/security/news/item/Two-critical-vulnerabilities-in-iPhone-s-iOS-exploited-in-jailbreak-Update-1050455.html