Essentially, the problem lets unauthorised users access personal data held on an iPhone that has been protected using a passcode.
All anyone need to in order to access content held on a passcode-protected iPhone is to hit the 'emergency calls' button, and then hit the Home button rapidly twice when they will be automatically transported to a users 'Favorites' folder (by default).
This can provide a miscreant with access to the contacts, email and web browser, if any of the contacts have email addresses or websites associated with them, the trick also allows access to the iPhone's email application and Safari browser, respectively.
Apple patched the problem in January, but neglected to include the patch within the most recent iPhone software releases, including version 2.0 and the troublesome iPhone 2.0.2 Software Update. That software update is also being accused of creating a wide-spread problem in which applications do not function and the content of a user's iPhone iPod section becomes unavailable.
The security problem was reported yesterday by a user identified as "greenmymac" on the MacRumors forum.
Last January, Apple issued iPhone 1.1.3 and iPod touch 1.1.3, a firmware update that included patches for three security vulnerabilities. According to the accompanying advisory, one of the three fixed the passcode lock sidestep problem.
"The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered," said Apple's advisory. "An implementation issue in the handling of emergency calls allows users with physical access to an iPhone to launch an application without the passcode. This update addresses the issue through an improved check on the state of the Passcode Lock."
Users commenting on Apple's iPhone support board weren't happy. "Wow...now the simple security issue," said "squarejp" on Apple's forum. "Apple is sure releasing beta software."
Despite the hubbub an extremely simple series of workarounds exist. iPhone users need simply visit Settings/General/Home Button on the iPhone, then select Home. The emergency call bypass then cannot access Favorites - the default on the iPhone for a double-tap; instead, the passcode screen simply reappears.
Apple did not immediately reply to questions about the January fix and the bugs reappearance.