iOS 6.1 lock screen bypass discovered, Apple working on a fix
Apple has confirmed it is looking to fix the recently discovered exploit in iOS 6.1 which allows anyone to enter the phone app, bypassing the lock screen
Apple has admitted that its latest iOS 6.1 software update has a security flaw that allows an attacker to bypass the lock screen without entering a passcode - but promises that it is working on a fix.
The flaw appears in the way the Emergency Call functionality works on the handset. As required in many countries by telecom regulators, an iPhone allows a user to make a call to one of a list of official emergency numbers - such as 911 in the US and 999 in the UK - without entering the phone's passcode. Entering the hack is a somewhat laborious process - involving holding the power button, making a call to an emergency number but cancelling it before it goes through, holding the power button again and tapping the emergency call option as quickly as possible - but still represents a serious breach in security.
In mitigation, the bypass doesn't allow full access to the handset or its installed applications. It does, however, allow the attacker to make calls to any arbitrary number, access contact details and browse the on-device photo roll.
Meanwhile, users are still reporting issues with the
iPhone 4S draining its battery and losing 3G connections, even after installing the iOS 6.1.1 update specifically designed to address these problems. With the issue serious enough for Vodafone to issue a warning against installing iOS 6.1, it's looking like upgrading any iPhone 4S from iOS 6.0 is a bad idea until a further patch can be developed.
Apple has stated that it is investigating the software issues in iOS and will deliver a fix in a future update, but declined to give a firm time scale for its release.