MacNN Forums (http://forums.macnn.com/)
-   Mac News (http://forums.macnn.com/mac-news/)
-   -   Second bug found in iOS 7, lets users avoid passcode, make phone calls (http://forums.macnn.com/112/mac-news/504229/second-bug-found-ios-7-lets/)

 
NewsPoster Sep 20, 2013 09:57 PM
Second bug found in iOS 7, lets users avoid passcode, make phone calls
As has happened with previous iOS releases, real-world user testing has uncovered a <a href="http://macnn.com/rd/294488==http://www.macnn.com/articles/13/09/19/mimics.previously.documented.vulnerabilities/" rel='nofollow'>few bugs</a> that slipped through the months-long <a href="http://macnn.com/rd/294489==http://www.macnn.com/articles/13/08/15/public.debut.of.ios.should.happen.soon.after/" rel='nofollow'>beta process</a>. Yesterday marked the discovery of the first serious bug, a method of bypassing iOS 7's lock screen security -- however, the flaw was complicated to achieve, <a href="http://macnn.com/rd/294488==http://www.macnn.com/articles/13/09/19/mimics.previously.documented.vulnerabilities/" rel='nofollow'>easily avoided</a> by simply disabling Command Center's optional ability to appear on the lockscreen prior to user passcode entry. The <a href="http://macnn.com/rd/294491==http://www.youtube.com/watch?v=L_1Tary_Qoc" rel='nofollow'>new issue</a> takes advantage of a glitch in the emergency call feature to allow users to make regular phone calls, bypassing the passcode lock.<br />
<br />
The bug is demonstrated in a YouTube <a href="http://macnn.com/rd/294492==http://www.youtube.com/watch?v=L_1Tary_Qoc" rel='nofollow'>video</a> (seen below) and involves entering a phone number and then repeatedly pressing the call button until the call is placed. Normally, the emergency call function is only supposed to allow calls to 911 or other emergency numbers around the world. The flaw does not give attackers access to any other function or personal data, but can be used to make unauthorized phone calls if the person has physical access to an iPhone that is normally guarded by a passcode lock.<br />
<br />
The earlier glitch found in Thursday would be considered more serious, as it allows users to bypass the lock screen entirely. Fortunately, that bug is easily avoided by disallowing the use of Command Center (a new feature in iOS 7 that makes it easier to turn functions on and off) from appearing on the lockscreen, thus requiring the passcode to gain access to it.<br />
<br />
The new flaw has already been reported to Apple, and the company is likely to fix both problems in a future software update. New iPhone models have already been issued an iOS <a href="http://macnn.com/rd/294493==http://www.electronista.com/articles/13/09/20/new.ios.7.outpacing.even.ios.6.in.rapid.adoption.b y.users/" rel='nofollow'>7.0.1 version</a> that is not available to older models running iOS 7. The updated firmware for the new iPhones is believed to correct some undisclosed issues with the Touch ID fingerprint sensor and iTunes Store authentication.<br />
<br />
<br />
<div align="center"><iframe width="500" height="375" src="//www.youtube-nocookie.com/embed/L_1Tary_Qoc?rel=0" frameborder="0" allowfullscreen></iframe></div>
 
All times are GMT -4. The time now is 09:28 AM.

Copyright © 2005-2007 MacNN. All rights reserved.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2016, vBulletin Solutions, Inc.


Content Relevant URLs by vBSEO 3.3.2