toggle

AAPL Stock: 103.08 ( + 0.61 )

Printed from http://www.macnn.com

Second bug found in iOS 7, lets users avoid passcode, make phone calls

updated 08:30 pm EDT, Fri September 20, 2013

First flaw easily avoided, new one not a security threat

As has happened with previous iOS releases, real-world user testing has uncovered a few bugs that slipped through the months-long beta process. Yesterday marked the discovery of the first serious bug, a method of bypassing iOS 7's lock screen security -- however, the flaw was complicated to achieve, easily avoided by simply disabling Command Center's optional ability to appear on the lockscreen prior to user passcode entry. The new issue takes advantage of a glitch in the emergency call feature to allow users to make regular phone calls, bypassing the passcode lock.

The bug is demonstrated in a YouTube video (seen below) and involves entering a phone number and then repeatedly pressing the call button until the call is placed. Normally, the emergency call function is only supposed to allow calls to 911 or other emergency numbers around the world. The flaw does not give attackers access to any other function or personal data, but can be used to make unauthorized phone calls if the person has physical access to an iPhone that is normally guarded by a passcode lock.

The earlier glitch found in Thursday would be considered more serious, as it allows users to bypass the lock screen entirely. Fortunately, that bug is easily avoided by disallowing the use of Command Center (a new feature in iOS 7 that makes it easier to turn functions on and off) from appearing on the lockscreen, thus requiring the passcode to gain access to it.

The new flaw has already been reported to Apple, and the company is likely to fix both problems in a future software update. New iPhone models have already been issued an iOS 7.0.1 version that is not available to older models running iOS 7. The updated firmware for the new iPhones is believed to correct some undisclosed issues with the Touch ID fingerprint sensor and iTunes Store authentication.





by MacNN Staff

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Kenu Airframe Plus

Simple, stylish and effective, the Kenu Airframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this ...

Plantronics Rig Surround 7.1 headset

Trying to capture the true soundscape of video games can be a daunting task. Looking to surround-sound home theater options, users hav ...

Adesso Compagno X Bluetooth keyboard

The shift from typing on physical keyboards to digital versions on smartphones and tablets hasn't been an easy for many consumers. Fr ...

toggle

Most Commented