iOS Security Updates
iPod, iPhone and iPad users MUST immediately apply the security updates.
Visit Apple Security Updates for details.
iPhone and iPod http://support.apple.com/kb/HT4292
This will protect you from in-the-wild drive-by download hack attack!
JailBreakMe by comex (et al.) demonstrated a serious security hole that allows users to jailbreak their iOS devices simply by just visiting a website and/or tapping a link. This security hole is very dangerous, by just browsing the web users could be exposed from abusive sites that may harvest their credentials and information.
How it work?
Safari browser loads a crafted PDF that exploits the following vulnerabilities:
First, it is triggered by unrecognized font, the Compact Font Format (CFF ) Type 1C, which causes the second exploit code to execute. This vulnerability is referred as CVE-2010-1797.
Second, the value is too large for the integer data type to handle(refer example IOSurface property list below), resulting to execution of malicious code running as user to escalate to system or root privilege.
This vulnerability is referred as CVE-2010-2973.
So, an attacker entice a targeted user to open a URL. Upon opening the URL in Safari the PDF file will be automatically parsed and exploitation will occur. The file may also arrive as an email attachment.