iOS 7 bug enables user to bypass lockscreen, send emails and status updates (update: Apple response)

iOS 7 bug enables user to bypass lockscreen, send emails and status updates

The moment operating systems become available to the public is also the moment millions of people have the opportunity to hunt around and find bugs. And, it appears that at least one rather critical bug has already been discovered in iOS 7. A keen-eyed user found a way to bypass the passcode-protected lockscreen and gain access to the device's photos app, giving him the ability to hijack the email or social network account associated with that device. Essentially, you access the alarm clock through Control Center, make your way into the multitasking menu and head into the camera app from there. We've embedded the video evidence below, just in case you're interested in trying it out for yourself; we tested it out using an iPhone 5s running iOS 7.0.1, and were able to duplicate the user's claims.

This isn't the first time we've seen an iOS bug capable of bypassing your lockscreen and compromising the security of your device, and Apple typically squashes those bugs with patches; the last one took a month, however, so we'd like to see an update to iOS 7.0.2 a bit sooner than that. While you wait, the easiest way to avoid this concern is to disable the ability to access Control Center from the lockscreen (this can be found in the settings).

[Thanks, @vbarraquito!]

Update: Apple tells AllThingsD that it's aware of the bug, and that it's working on a fix.

Filed under: , , ,

Comments

Via: Forbes

Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competition

Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competitionThe folks in Mountain View are starting to make a habit of getting hacked -- intentionally, that is. Earlier this year, Google hosted an event at the CanSecWest security conference called Pwnium, a competition that challenged aspiring hackers to poke holes in its Chrome browser. El Goog apparently learned so much from the event that it's doing it again -- hosting Pwnium 2 at the Hack in the Box 10th anniversary conference in Malaysia and offering up to $2 million in rewards. Bugging out the browser by exploiting its own code wins the largest award, a cool $60,000. Enlisting the help of a WebKit or Windows kernel bug makes you eligible for a $50,000 reward, and non-Chrome exploits that rely on a bug in Flash or a driver are worth $40,000. Not confident you can break Chrome? Don't let that stop you -- Google plans to reward incomplete exploits as well, noting that it has plenty to learn from unreliable or incomplete attacks. Check out the Chromium Blog at the source link below for the full details.

Filed under: ,

Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competition originally appeared on Engadget on Thu, 16 Aug 2012 11:12:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceGoogle  | Email this | Comments