14 DAY TRIAL // Despite countless attempts to address passcode / lockscreen flaws, Apple still has a vulnerable iOS 7 on its hands. Yet another such bug has been discovered in the latest version of the software, which will undoubtedly prompt the company to include an extra patch in iOS 7.1.2.
A YouTuber who maintains a channel dubbed EverythingApplePro is responsible for the discovery of the flaw. He shows how the bug can be exploited in under four seconds (video embedded below).
Easily the fastest-replicable bug of its kind, the issue can be exploited simply by accessing Control Center, turning AirPlane Mode on, and tapping on a missed call banner in Notification Center. Whatever app was running before the device got locked will now be accessible to the person holding the phone.
Granted, it’s not as dramatic as the author will have you believe. First of all, you need to have Access on Lock Screen switched to ON. Second, you need to have locked your device without exiting the app you were using. Third, you actually need to have a missed call in Notification Center ready to be tapped.
So that’s three distinct factors that must combine to make the flaw possible, not to mention someone having physical access to your iPhone. In other words, don’t sweat it.
Apple already has a fair amount of flaws to patch in iOS 7.1.1, and the Cupertino company is known to be testing iOS 7.1.2 internally. The release should occur any day now, considering that iOS 7 has again been labeled as unsafe.
According to developers who are currently embroiled in iOS 8 testing, the upcoming firmware is not vulnerable to this flaw. For one reason or another, Apple either intentionally addressed the problem (which means they knew about it but did nothing to fix it in iOS 7), or the code involving lockscreen access is different in the upcoming OS. Either way, it’s good news.
Apple has been dealing with passcode lock flaws since the iPhone’s humble beginnings. For one reason or another, this portion of iOS is the easiest to hack and it can be done by virtually anyone, as it requires no coding skills.
One plausible theory as to why this area of the OS is so vulnerable is that Apple is required to enable a certain degree of accessibility to the phone’s functions so that the user can at least begin to unlock it.
Then there’s also the notifications and alerts which, upon popular request, have been introduced in iOS with the option to tap on them and get sent to the originating app. In other words, Apple is somewhat forced to mess up on this one. After all, it could easily provide zero access to the phone’s functions from the lockscreen if it wanted to, all except the passcode dial pad.
