New iOS 6.1 bypass vulnerability found
MANILA, Philippines (UPDATED) - While Apple has acknowledged reports of one security flaw in iPhones using iOS 6.1, it seems a second issue has been found that works similarly to the earlier passcode-bypassing vulnerability.
According to Kaspersky Lab's Threatpost, the second flaw slightly modifies the method for bypassing the passcode. Instead of acquiring limited access to some functions on the phone, the new vulnerability which Threatpost says, "can be achieved by holding down the power button, the screenshot button and the emergency button," makes the iPhone's screen go black, except for the top bar. Threatpost adds, "From there it can be plugged into a computer and the information can be harvested via iTunes from the phone’s hard drive with read/write access."
A recent post on The Next Web, however, disputes the claim made on the Threatpost blog, citing flawed testing methods. According to the post on The Next Web, "Once an iPhone has been connected to a computer and unlocked once, its file system is always viewable by that machine, regardless of passcode status." This is the flawed method The Next Web points to: "this bypass method could only show the file system," the article notes, "if it had been plugged into that computer unlocked previously," which appears to be the case for Threatpost's testing.
While Apple did acknowledge the first security flaw and released a fix to developers with iOS 6.1.3 beta 2, security updates for consumers have yet to be made known or released for either issue. - Rappler.com