Just when you thought your iOS device's precious data was safe when Apple released iOS 7.0.2… think again. A new lockscreen vulnerability has just been discovered that allows anyone to access the Phone app by doing a complex series of taps. I honestly don't know how these people end up finding these vulnerabilities, but it looks like Apple will soon be releasing iOS 7.0.3 because this is indeed legit.
The individual responsible for this particular lockscreen vulnerability is Dany Lisiansky. He has posted a YouTube video of how it works, and it is a lot more complex than the previous one, but still a threat.
Essentially, this particular vulnerability takes advantage of Siri on the lockscreen to gain access to the Phone app. Nothing else can be accessed besides the Phone app, but of course from it you can access contact information, place calls and send text messages. As such, Apple's security team can't be happy.
The steps for reproducing the vulnerability are as follows:
- Make a phone call (with Siri / Voice Control).
- Click the FaceTime button.
- When the FaceTime App appears, click the Sleep button.
- Unlock the iPhone.
- Answer and End the FaceTime call at the other end.
- Wait a few seconds.
- Done. You are now in the phone app.
There is, of course, a simple solution for those worried about people exploiting this: simply disable Siri on the lockscreen.
hey ijb says
the bug is always found when end call/call button is pressed a lot ugh
Travis Fodor says
Anyone else unable to restore their phone when updating to 7.0.2? My phone won't restore and is giving me error 17 on iTunes.
I get an error after an error
I call them “no-life-people”
Joshua Jones Makaveli says
I got iOS6.1 :p