Apple has just released iOS 4.3.4 in iTunes. The new firmware should be available now if you check for updates, and it is supposed to fix an issue that allows jailbreaking an iOS 4.3.3 device through a PDF vulnerability. Apple describes the technical fixes in a support document:
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in FreeType's handling of TrueType fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
Users who have jailbroken their devices using JailbreakMe will obviously need to stay away from the update if they want to keep Cydia and other installed jailbreak tweaks -- Apple had already confirmed a fix was coming to patch the PDF security hole that could allow for other malicious exploits, not necessarily related to jailbreak.
Here are the direct links for iOS 4.3.4:
- iPhone 3GS
- iPhone 4 (GSM)
- iPad 2 (also iPad 2,2 and iPad 2,3)
- iPod touch 3rd gen
- iPod touch 4th gen
Apple has also released iOS 4.2.9 for the Verizon iPhone, which you can download here.