Three weeks ago a ‘mysterious’ new jailbreak technique was posted to jailbreakme.com. Research to date indicates that this technique leverages two distinct vulnerabilities to gain access to devices. The first issue exploited is a FreeType CFF font handling issue, exploitable via MobileSafari. The second issue exploited is an IOSurface framework issue that allows for privilege escalation to root, and eventual complete compromise of devices.
Fortunately for many, Apple has released an update that addresses both issues (HT4291,Â HT4292). This update should prevent both malicious attackers from exploiting these vulnerabilities, as well as prevent the jailbreak technique from continuing to work (for devices with the update installed).
Great news on the vulnerability front, no doubt. But are 25+ million iPhones truly safe again?Â Maybe.