
Apple is working on a fix now

Apple just released its latest operating system yesterday -- iOS 7 -- and as expected with new releases, users are finding bugs. The most recent find allows anyone to bypass an iPhone user's lockscreen and access their photos, Twitter, email and more. 

According to Forbes, Jose Rodriguez -- a 36-year-old soldier from Spain’s Canary Islands -- found the lockscreen vulnerability in his free time. He is known for finding lockscreen security flaws in previous versions of iOS as well. 

The lockscreen flaw in iOS 7 allows someone to bypass the passcode screen entirely by swiping up to access the "Control Center," and opening the alarm clock. They then hold the phone's sleep button down -- which offers the option to power it off -- but instead, they hit "cancel" and double click the home button to access the multitasking screen.

From there, it's free access to the iPhone's camera and photos, as well as options to share them through Twitter, Facebook and email.

It's not yet clear whether the flaw affects the iPhone 5S or 5C, but it has been confirmed on the iPhone 4 and 5 as well as the iPad.

Apple is already aware of the problem, and says it will be fixed in a future software update. 

“[Apple] takes security very seriously and we’re aware of this issue," said an Apple spokesperson. "We’ll deliver a fix in a future software update.”

Until that fix is released, users can disable access to the Control Center from their lockscreen by going to Settings > Control Center > Access on Lock Screen and toggling it off.
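For administrators who manage many devices, the same setting can be enforced through a configuration profile rather than by hand. The sketch below is an added example, not from the article or from Apple: it builds a profile whose Restrictions payload (`com.apple.applicationaccess`) sets `allowLockScreenControlCenter` to false, and audits an existing profile for that setting. The organization identifier is constructed, and delivery of the profile through an MDM or similar tool is assumed.

```python
import plistlib
import uuid

RESTRICTIONS_TYPE = "com.apple.applicationaccess"   # Apple's Restrictions payload type
LOCKSCREEN_CC_KEY = "allowLockScreenControlCenter"  # Restrictions key, iOS 7 and later


def build_profile(org_id: str) -> bytes:
    """Return a .mobileconfig (XML plist) that turns off Control Center on the lock screen."""
    restrictions = {
        "PayloadType": RESTRICTIONS_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.restrictions",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Lock screen restrictions",
        LOCKSCREEN_CC_KEY: False,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Disable Control Center on lock screen",
        "PayloadContent": [restrictions],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def lockscreen_cc_disabled(profile_bytes: bytes) -> bool:
    """Audit a profile: True only if a Restrictions payload explicitly sets the key to false."""
    try:
        profile = plistlib.loads(profile_bytes)
    except Exception:
        return False  # unparsable profile: treat as not enforcing the setting
    if not isinstance(profile, dict):
        return False
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict) or payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        # A missing key leaves the default in place, which allows lock-screen access.
        if payload.get(LOCKSCREEN_CC_KEY) is False:
            return True
    return False


if __name__ == "__main__":
    data = build_profile("com.example.lockscreen")  # constructed identifier
    print(data.decode())
    print("enforced:", lockscreen_cc_disabled(data))
```

The audit function treats an absent key as not enforced, since a profile that never mentions the setting leaves the user's own toggle in effect.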

Source: Forbes


RE: That....
By amanojaku on 9/20/2013 12:29:21 PM , Rating: 3
Bugs happen, but Apple thinks differently. And the company does not fix things quickly, unless it becomes publicly known.
The oldest bug in the batch appears to be a kernel issue from 2011 discovered by Marc Heuse wherein an attacker could have sent specially crafted IPv6 packets to an iPhone 4 and caused a high CPU load. While the bug is known as CVE-2011-2391 in the Common Vulnerabilities and Exposures database, the CVE warns the attached date does not necessarily reflect when the vulnerability was discovered.

Several vulnerabilities from 2012 are also addressed in the update; all involve fixing arbitrary code execution bugs in the libxml and libxslt libraries.

I'm pissing on Apple the same way I did MS when it hid the truth and was slow to fix things, and I'd piss on Google if it hid vulnerabilities.
