An iPhone user writing over at MacRumors' forums has stumbled upon a ridiculously simple-to-exploit flaw within the iPhone software 2.0.2. Apparently, one can remove the password protection of an iPhone without actually knowing the code, by simply tapping the Emergency Call button and double tapping the Home button.
The user explains that "2.0.2 gives almost full access to the iPhone even while under password protection...
Steps to Reproduce
- Set iPhone to use passcode lock, have contacts marked as Favorites with links, phone numbers, addresses, etc. in address book entry.
- Tap 'Emergency Call' keypad from passcode entry screen.
- Double-tap home button".
He adds that, in order to complete the process, one must tap the blue arrow next to a contact's name to gain full access to applications such as Safari, the iPhone user's complete Contacts list, text messages and e-mails, "by accessing various entries on the Favorites page, i.e. tapping their home page brings up a full, unrestricted Safari".
However, not long after the flaw was acknowledged, posted and reported on various Mac-based sites, a way to guard against it had already been found. The iPhone user must go to the iPhone's General Settings, access the Home Button Settings, and switch double-clicking from 'Phone Favorites' (the iPhone's default setting) to 'iPod'. Once the user changes this setting, anyone who attempts to use the flaw to gain access to personal data will only see the user's music library, the 9to5mac reader says. Still, there's an even better solution according to another reader (who cites MacRumors for the tip): simply switching double-clicking to 'Home Page' rather than 'iPod', which returns the user to the passcode entry screen.
This is the first security flaw acknowledged with the iPhone 2.0 software since its debut. Even though users can improvise the fix, Apple is guaranteed to release an update to resolve the issue. Stick around to learn of its existence.