A security flaw allowing unofficial access to certain iPad 2 apps, even when the tablet is PIN-locked, has been identified, using Apple’s own Smart Cover to bypass the protection. The loophole, spotted by Apfeltalk, relies on Apple’s Smart Cover unlocking system, which wakes the iPad 2 when opened: when the right combination of button presses and other steps are followed, that can also leave the tablet open to partial use.
The extent of the access granted depends on what app you left on-screen prior to locking the iPad 2, as the tampered tablet will allow use of whichever app is currently active. So, if you lock the slate while your Mail inbox is visible, a third-party could browse through your messages and send emails from your account.
1) Lock a password protected iPad 2
2) Hold down power button until iPad 2 reaches turn off slider
3) Close Smart Cover
4) Open Smart Cover
5) Click cancel on the bottom of the screen
If the iPad was left showing the homescreen, apps can be browsed through – though not opened or deleted – and music playback controlled from the app-switcher bar. At the moment the problem is confirmed to affect iOS 5, but there have been some reports of it also working on iOS 4.3.
[via 9 to 5 Mac]