Apple addresses passcode bypass flaw in latest iOS 7 update
A flaw that allowed users to break through the passcode screen was eliminated in iOS 7.0.2.
The first big flaw discovered in iOS 7, which allowed users to sneak through the passcode screen, has been addressed by Apple in its 7.0.2 update released on Thursday. The new iteration also reintroduces the option to use the Greek alphabet keyboard for passcodes.
“It's great that they have released a fix in short order,” Erik Bataller, principal security consultant for mobile and cloud security company Neohapsis, told SCMagazine.com on Thursday. “But given the history of this vulnerability, they should have done more due diligence before releasing it and should have been able to push out a fix more rapidly. They need to improve their processes for finding vulnerabilities, particularly for areas that have had issues in the past.”
Apple released iOS 7.0.1 on Friday, alongside the release of the iPhone 5s and iPhone 5c, but that update addressed bugs that were exclusive to those devices. First adopters of Apple's new iPhones were required to update right out of the box.
The iOS 7 operating system was released on Sept. 18 and people quickly began chipping away at it to find vulnerabilities. Jose Rodriguez, who gained fame in the past for finding ways to slip past Apple's iOS security protocols for lock screens, discovered the latest passcode bypass.
Rodriguez took to YouTube to demonstrate the flaw, which was exploitable on iPhones and iPads running iOS 7. The workaround is very similar to an iOS 6 flaw, also discovered by Rodriguez.
According to the Apple-centric news site 9to5Mac.com, web analytics show that Apple is already testing iOS 7.1, although this cannot be confirmed. Speculation is that 7.1 will contain functionality for upcoming Apple products scheduled for release in the coming months.
Bataller at Neohapsis said that Apple has the most secure OS and devices in the smartphone and tablet space, adding that consumers should accept that the arena – from technology to threats – is evolving incredibly fast and aggressively.
“That being said, given that it affects such wide audiences and the potential impact to users and sensitive data is extensive, the vendors of hardware, software and operating systems need to increase the maturity of their security process and response capabilities in real-time,” Bataller said.
The technology giant has not commented on replicated fingerprints that have been shown to work on the Touch ID sensor exclusive to the iPhone 5s.