Could allow pulling data via USB

Another lockscreen bypass vulnerability has been discovered in iOS 6.1, says Vulnerability Lab CEO Benjamin Kunz Mejri. The second is similar to the first one, in that it involves iOS' Emergency Call feature. "The vulnerability is located in the main login module of the mobile iOS device (iPhone or iPad) when processing to use the screenshot function in combination with the emergency call and power (standby) button," Mejri writes. "The vulnerability allows the local attacker to bypass the code lock in iTunes and via USB when a black screen bug occurs."

The bypass could potentially allow someone with a stolen device to pull contacts, voicemail, and/or other content off of it. It's unknown if the iOS 6.1.3 beta fixes the new exploit; while dealing with the same general problem, v6.1.3 may or may not solve a fundamental bug.

by MacNN Staff