New iOS 6.1 bypass vulnerability found

MANILA, Philippines (UPDATED) - While Apple has acknowledged reports of one security flaw in iPhones using iOS 6.1, it seems a second issue has been found that works similarly to the earlier passcode-bypassing vulnerability.

According to Kaspersky Lab's Threatpost, the second flaw slightly modifies the method for bypassing the passcode. Instead of acquiring limited access to some functions on the phone, the new vulnerability which Threatpost says, "can be achieved by holding down the power button, the screenshot button and the emergency button," makes the iPhone's screen go black, except for the top bar. Threatpost adds, "From there it can be plugged into a computer and the information can be harvested via iTunes from the phone’s hard drive with read/write access."

A recent post on The Next Web, however, disputes the claim made on the Threatpost blog, citing flawed testing methods. According to the post on The Next Web, "Once an iPhone has been connected to a computer and unlocked once, its file system is always viewable by that machine, regardless of passcode status." This is the flawed method The Next Web points to: "this bypass method could only show the file system," the article notes, "if it had been plugged into that computer unlocked previously," which appears to be the case for Threatpost's testing.

While Apple did acknowledge the first security flaw and released a fix to developers with iOS 6.1.3 beta 2, security updates for consumers have yet to be made known or released for either issue. - Rappler.com

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.

image