toggle

AAPL Stock: 98.42 ( + 0.75 )

Printed from http://www.macnn.com

Second bug found in iOS 7, lets users avoid passcode, make phone calls

updated 08:30 pm EDT, Fri September 20, 2013

First flaw easily avoided, new one not a security threat

As has happened with previous iOS releases, real-world user testing has uncovered a few bugs that slipped through the months-long beta process. Yesterday marked the discovery of the first serious bug, a method of bypassing iOS 7's lock screen security -- however, the flaw was complicated to achieve, easily avoided by simply disabling Command Center's optional ability to appear on the lockscreen prior to user passcode entry. The new issue takes advantage of a glitch in the emergency call feature to allow users to make regular phone calls, bypassing the passcode lock.

The bug is demonstrated in a YouTube video (seen below) and involves entering a phone number and then repeatedly pressing the call button until the call is placed. Normally, the emergency call function is only supposed to allow calls to 911 or other emergency numbers around the world. The flaw does not give attackers access to any other function or personal data, but can be used to make unauthorized phone calls if the person has physical access to an iPhone that is normally guarded by a passcode lock.

The earlier glitch found in Thursday would be considered more serious, as it allows users to bypass the lock screen entirely. Fortunately, that bug is easily avoided by disallowing the use of Command Center (a new feature in iOS 7 that makes it easier to turn functions on and off) from appearing on the lockscreen, thus requiring the passcode to gain access to it.

The new flaw has already been reported to Apple, and the company is likely to fix both problems in a future software update. New iPhone models have already been issued an iOS 7.0.1 version that is not available to older models running iOS 7. The updated firmware for the new iPhones is believed to correct some undisclosed issues with the Touch ID fingerprint sensor and iTunes Store authentication.





by MacNN Staff

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Cambridge Audio DacMagic XS

Every computer with a microphone or headphone port has one -- a digital to analog converter (DAC). There are nearly as many chipsets a ...

toggle

Most Commented