iOS 6.1.3 lock-screen bypass bug provides access to Contacts and Camera Roll

Mar 20, 2013
5
iOS 6.1.3 lock-screen bypass bug provides access to Contacts and Camera Roll

Yesterday, Apple rolled out iOS 6.1.3, patching up the popular Evasi0n jailbreak and, as a video we have available after the jump shows, introducing a security vulnerability that allows the lock screen to be bypassed. This is despite the fact that the latest iOS release contains fixes to previous vulnerabilities that allowed anyone to skip the lock screen.

The newest security issue isn't terribly easy to pull off, although anyone with a bit of dedication could manage it. The problem was surfaced by YouTube user videosdebarraquito, who posted a video showing the entire method using an iPhone 4. This was followed up by others confirming that they managed to reproduce the bug, including the folks over at The Next Web.

As you can see on the video above, the bug is exploited by removing the SIM card at a certain moment while initiating a call via voice commands. Doing this provides access to the handset's Contacts and Camera Roll, which can be fully browsed and edited. The obvious solution until Apple rolls out a fix for this lock screen bypass is to shut off the voice dialing feature.

Some user reports are coming in that this exploit does not work when using Siri, but some have published that they've managed to get it to work on the iPhone 5. The full effect of the bug will only be known as word spreads and more variations of the iPhone are tested, but for now it would seem those operating pre-Siri are vulnerable to the issue.

[via The Next Web]


Must Read Bits & Bytes