A flaw in the Apple iPhone's iOS 6.1 software allows attackers to bypass a user's passcode lock and access photos, contacts and more.
Another iPhone security vulnerability has been discovered, allowing attackers to break through the passcode lock in iOS 6.1 and access contacts, photos and data, and make outgoing phone calls.
Researcher Benjamin Kunx Mejri, the founder of Vulnerability Lab, found that by making an adroit combination of actions and button presses at certain times - accessing the emergency call feature, hanging up immediately, then pressing power and home buttons after several seconds had elapsed - he could get through the passcode lock and access the user's phone app, look through contacts and listen to voicemails, and even make a phone call if he held down the power button while dialling.
And it gets worse. Mejri then plugged the iPhone into the USB slot of a laptop while compromised and was able to get access to photos, contacts and other files "directly from the device hard drive without the pin to access".
In fact regular followers of the world of iPhone vulnerabilities will find the whole process familiar, as Mejri acknowledges in the video below. That's because approximate versions of this hack have been around since as early as iOS 2, as Arstechnica points out, and an almost identical flaw was discovered earlier this month. Apple says it will fix the earlier bug in iOS 6.1.3, which has entered developer beta, and most industry watchers expect this variant to be sorted at the same time.
Via Kaspersky Lab's Threat Post blog