toggle

AAPL Stock: 95.39 ( + 0.04 )

Printed from http://www.macnn.com

Second bug found in iOS 7, lets users avoid passcode, make phone calls

updated 08:30 pm EDT, Fri September 20, 2013

First flaw easily avoided, new one not a security threat

As has happened with previous iOS releases, real-world user testing has uncovered a few bugs that slipped through the months-long beta process. Yesterday marked the discovery of the first serious bug, a method of bypassing iOS 7's lock screen security -- however, the flaw was complicated to achieve, easily avoided by simply disabling Command Center's optional ability to appear on the lockscreen prior to user passcode entry. The new issue takes advantage of a glitch in the emergency call feature to allow users to make regular phone calls, bypassing the passcode lock.

The bug is demonstrated in a YouTube video (seen below) and involves entering a phone number and then repeatedly pressing the call button until the call is placed. Normally, the emergency call function is only supposed to allow calls to 911 or other emergency numbers around the world. The flaw does not give attackers access to any other function or personal data, but can be used to make unauthorized phone calls if the person has physical access to an iPhone that is normally guarded by a passcode lock.

The earlier glitch found in Thursday would be considered more serious, as it allows users to bypass the lock screen entirely. Fortunately, that bug is easily avoided by disallowing the use of Command Center (a new feature in iOS 7 that makes it easier to turn functions on and off) from appearing on the lockscreen, thus requiring the passcode to gain access to it.

The new flaw has already been reported to Apple, and the company is likely to fix both problems in a future software update. New iPhone models have already been issued an iOS 7.0.1 version that is not available to older models running iOS 7. The updated firmware for the new iPhones is believed to correct some undisclosed issues with the Touch ID fingerprint sensor and iTunes Store authentication.





by MacNN Staff

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Fugoo Bluetooth speaker

It's rare to find a Bluetooth speaker that can cover a large array of needs. Generally, speakers are wrapped in a desktop-convenient ...

Epson LW-600P

Label makers are traditionally simple machines that perform a single task which people feel they can either live with or without. In m ...

Tylt Energi 2K battery pack

Backup batteries are gaining ground as one of the devices that, for many users, must be carried around every day. With lives connected ...

toggle

Most Commented