A second iOS 6.1 bug has been discovered that gives access to contacts, photos
and more. The vulnerability uses a method similar to the one disclosed
previously, though it apparently gives access to more user data when the phone
is plugged into a computer.
It was originally posted on the Full Disclosure mailing list. Kaspersky's
Threatpost:
Similar to the iPhone's passcode vulnerability, the exploit involves
manipulating the phone’s
screenshot function, its emergency call function and its power button. Users
can make an emergency call (911 for example) on the phone and then cancel it
while toggling the power on and off to get temporary access to the phone. A
video posted by the group shows a user flipping through the phone’s voicemail
list and contacts list while holding down the power button. From there an
attacker could get the phone’s screen to turn black before it can be connected
to a computer via a USB cord. The device’s photos, contacts and more “will be
available directly from the device hard drive without the pin to access,”
according to the advisory.
Apple was expected to fix the lock screen bug in iOS 6.1.2, but that small
release fixed a different bug. Instead, it appears a fix for at least one of
the lock screen vulnerabilities will be coming in iOS 6.1.3, currently in the
hands of developers.