Users who clicked on a link within mobile Safari could unknowingly download PDFs loaded with potential malware. (In an intentional use case, this exploit is the same one that allows hacks like the infamous JailbreakMe.com jailbreak hack to work.) The German government found this scenario to be such an urgent risk that it issued alerts about it recently, after which Apple vowed to patch the vulnerability.
(Apple Insider offers this bit of “techonese” to further explain: The company “said this is because a buffer overflow exists in FreeType’s handling of TrueType fonts, and a signedness issue exists in FreeType’s handling of Type 1 fonts.”)
Apple also patched IOMobileFrameBuffer to address an invalid type conversion. Without the patch, malicious code could gain system privileges by impersonating the user.
To snag the update, just connect an iOS device to iTunes on your desktop and hit “check for update.”
[via Apple Insider]