Other security issues affecting iOS from 3.0 to 5.0 addressed on all devices

Nov 11, 2011 07:38 GMT

Apple acknowledges in a Support document that a person with physical access to a locked iPad 2 can access some of the user's data, if the right tricks are performed. The issue was discovered weeks ago, and is now fixed in the latest iOS software update.

As promised, Apple not only patched the battery drain issues for iOS 5 customers, but also fixed a security bug with iPad 2 tablets where a person could use the Apple Smart Cover accessory (or a simple magnet) to gain access to the last-run app.

Apple’s description says that “When a Smart Cover is opened while iPad 2 is confirming power off in the locked state, the iPad does not request a passcode. This allows some access to the iPad, but data protected by Data Protection is inaccessible and apps cannot be launched.”

However, the intruder can and will gain at least 'visual' access to the last activity performed on the iPad, whether it was email, web browsing, IM chatting, etc.

A kernel issue has been patched as well. The fix is available for iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, and iOS 4.3 through 5.0 for iPad 2. The flaw is dangerous because it allows an application to execute unsigned code.

It was discovered and demoed by none other than Charlie Miller of Accuvant Labs, who got himself kicked out of the Apple Developer program for this.

“A logic error existed in the mmap system call's checking of valid flag combinations. This issue may lead to a bypass of codesigning checks. This issue does not affect devices running iOS prior to version 4.3,” reads Apple’s description.

It’s still unclear why Apple had to go as far as to pull Miller’s iOS app and license. But hey, at least they’re crediting the man for discovering this flaw. Perhaps they could apologize properly by giving the man a job within Apple.

Download iOS 5.0.1 (Free)