New iOS 6.1 bypass vulnerability found
MANILA, Philippines (UPDATED) - While Apple has acknowledged reports of one security flaw in iPhones using iOS 6.1, it seems a second issue has been found that works similarly to the earlier passcode-bypassing vulnerability.
According to Kaspersky Lab's Threatpost, the second flaw slightly modifies the method for bypassing the passcode. Instead of acquiring limited access to some functions on the phone, the new vulnerability which Threatpost says, "can be achieved by holding down the power button, the screenshot button and the emergency button," makes the iPhone's screen go black, except for the top bar. Threatpost adds, "From there it can be plugged into a computer and the information can be harvested via iTunes from the phone’s hard drive with read/write access."
A recent post on The Next Web, however, disputes the claim made on the Threatpost blog, citing flawed testing methods. According to the post on The Next Web, "Once an iPhone has been connected to a computer and unlocked once, its file system is always viewable by that machine, regardless of passcode status." This is the flawed method The Next Web points to: "this bypass method could only show the file system," the article notes, "if it had been plugged into that computer unlocked previously," which appears to be the case for Threatpost's testing.
While Apple did acknowledge the first security flaw and released a fix to developers with iOS 6.1.3 beta 2, security updates for consumers have yet to be made known or released for either issue. - Rappler.com
In these changing times, courage and clarity become even more important.
Take discussions to the next level with Rappler PLUS — your platform for deeper insights, closer collaboration, and meaningful action.
Sign up today and access exclusive content, events, and workshops curated especially for those who crave clarity and collaboration in an intelligent, action-oriented community.
As an added bonus, we’re also giving a free 1-year Booky Prime membership for the next 200 subscribers.
You can also support Rappler without a PLUS membership. Help us stay free and independent by making a donation: https://www.rappler.com/crowdfunding. Every contribution counts.