Apple addresses passcode bypass flaw in latest iOS 7 update

A flaw that allowed users to break through the passcode screen was eliminated in iOS 7.0.2.

The first big flaw discovered in iOS 7, which allowed users to sneak through the passcode screen, has been addressed by Apple in its 7.0.2 update released on Thursday. The new iteration also reintroduces the option to use the Greek alphabet keyboard for passcodes.

“It's great that they have released a fix in short order,” Erik Bataller, principal security consultant for mobile and cloud security company Neohapsis, told SCMagazine.com on Thursday. “But given the history of this vulnerability, they should have done more due diligence before releasing it and should have been able to push out a fix more rapidly. They need to improve their processes for finding vulnerabilities, particularly for areas that have had issues in the past.”

Apple released iOS 7.0.1 on Friday, alongside the release of the iPhone 5s and iPhone 5c, but that update addressed bugs that were exclusive to those devices. First adopters of Apple's new iPhones were required to update right out of the box.

The iOS 7 operating system was released on Sept. 18 and people quickly began chipping away at it to find vulnerabilities. Jose Rodriguez, who gained fame in the past for finding ways to slip past Apple's iOS security protocols for lock screens, discovered the latest passcode bypass.

Rodriguez took to YouTube to demonstrate the flaw, which was exploitable on iPhones and iPads running iOS 7. The bypass is very similar to an iOS 6 flaw, also discovered by Rodriguez.

According to the Apple-centric news site 9to5Mac.com, web analytics show that Apple is already testing iOS 7.1, although this cannot be confirmed. Speculation is that 7.1 will contain functionality for upcoming Apple products scheduled for release in the coming months.

Bataller at Neohapsis said that Apple has the most secure OS and devices in the smartphone and tablet space, adding that consumers should accept that the arena – from technology to threats – is evolving incredibly fast and aggressively.

“That being said, given that it affects such wide audiences and the potential impact to users and sensitive data is extensive, the vendors of hardware, software and operating systems need to increase the maturity of their security process and response capabilities in real-time,” Bataller said.

The technology giant has not commented on replicated fingerprints that have been shown to work on the Touch ID sensor exclusive to the iPhone 5s.
