Lol: An Adobe product helps hacking an Apple product. Sort of.
@mschmidler "Do note that by default, there's no separate PDF viewer on an iPhone. Instead, PDF viewing is built into the Safari browser. The attack uses a corrupted font placed inside the PDF file to crash the Compact Font Format (CFF) handler."
NOT Adobe. Apple. As many have said, Apple will be shown to be no better than Microsoft, if not a lot worse, as their devices become more popular.
Up next - a whole slew of worms/spyware/viruses exploiting critical OS X vulnerabilities and still fanboys will claim OSX is safe and blame everyone else.
@ajwoodhouse
Actually, the .pdf format was created by Adobe. So it is an Adobe product.
@paul34 : But the exploit is by malformed input. Is Adobe supposed to supply a specification for malformed input files?
The exploit is on software that does not validate its inputs.
@paul34
But it's a Safari exploit.
How about this. We'll pin this one on Adobe if from now on whenever an exploit is found in Windows that isn't 100% Microsoft code, we'll remove all blame from Microsoft.
@paul34 That's like saying the group that invented C++ is responsible for any virus/malware produced with their language. The writers of the .pdf reader (Apple) are responsible for how their software reads pdfs.
Who cares! Jailbreak! Woo hoo!!!!
@ajwoodhouse
I thought iBooks was the dedicated PDF viewer. When I open a PDF on my iPhone it opens in iBooks.
@angelusp
I don't think you grasp the situation. Jailbreaking isn't the problem here, the exploit used to gain enough access to the phone to jailbreak it is, because it also allows an attacker to, instead of jailbreaking your phone, do whatever else they want instead. For example, to wipe your phone and install just one program that shows you photos of dicks. Get it now?
@angelusp did you read the article?
@ajwoodhouse,
This font rendering security hole in the PDF renderer was known to Apple.
http://support.apple.com/kb/HT4131
Apple has already patched it in OSX a few months ago, and the fix was arriving to iOS, as part of 4.1 release. In fact, it's already in the 4.1 beta releases that were made in the last few weeks.
It was simple for comex to simply look up the security patch fix list for OSX, and see one which is also present in the iOS and use it, to get it working for releases prior to 4.1, which would have had the fix. He knew it he had it, as jailbreakme.com does not support 4.1 beta.
However, what Apple should have done is to release the fix to iOS as well via 4.1 and 4.0.2, before publishing the fix on its website for the world to know.
@grkhetan was known to Apple, or Charlie Miller said something like "Apple your shit is busted. Again"