Second passcode bypass flaw discovered in iOS 6.1 this month

Shawn Knight


Apple released iOS 6.1.2 one week ago to address, among other things, a flaw that allowed anyone to bypass the iPhone passcode lock screen and access select data on the device. But much to the dismay of Apple, yet another passcode bypass vulnerability has been discovered that once again lets users in the know access a locked device without knowing the four-digit PIN.

The second vulnerability to surface this month is similar to the first in that it involves using the phone’s screenshot function, emergency call feature and the power button to circumvent the lock screen. From there, however, reports vary as to the level of access you may have.

The original note on the Full Disclosure blog says this new method allows an attacker to gain access to the phone’s voicemail list and contacts list. Connect the handset to a computer using a USB cable and you can even reportedly access other data like photos without the passcode. The latter, however, may only be partially true.

According to TNW, the user file system is encrypted and unviewable on a computer when an iPhone has a passcode enabled. The catch here is that if the iPhone has been connected to a computer and unlocked once, then its file system will always be viewable on that machine. If the phone has never been connected to a particular computer and unlocked, this hack won’t grant any magical access.

In related iOS news, Apple is beta testing the latest version of the software, which prevents the use of the popular jailbreak software evasi0n. One of evasi0n’s creators was recently able to test the update and confirmed the patch, we are told. It's unclear at this hour when we can expect to see iOS 6.1.3 or what specific fixes it will carry.


 
So busy trying to lock out jailbreaking that they forget to bug test important features...
 
There have been flaws since the beginning of iOS, so I don't think it's something unwanted from them.
They want to sell the phone to jailbreaking market more than sending these people back to competitors.
 
Hmm, kinda smart. Get everyone to the latest iOS version, including the people who want to jailbreak their devices, since jailbreaking is possible on the current latest iOS. Then somehow a very serious "bug" pops up. Apple then releases an unjailbreakable version of iOS which fixes this serious bug and, at the same time, downgrading to other versions is disabled on the Apple servers. The serious "bug" would cause everyone to want to upgrade to the latest iOS, even if there is no jailbreak. Apple's jailbreak problem solved...

Of course, I'm making the utterly horrible assumption that the new version of iOS would be unjailbreakable... Also, there are ways to downgrade to older versions of iOS even after Apple servers stop verifying the old ipsw files...
 
Maybe Apple planned this in the first place.
 
I've had countless times people who own/want Apple products say "They don't get viruses." Well, the way the world is now, by having a "computer" in the palm of your hand, they really need to look at the whole perspective and realize that people are the true virus. If people want to get into something bad enough, they will.

I'm not in the cult of Apple, but I agree with Steve on this. They need to stop trying to stop jailbreaking and work on improving what they have.
 