Apple addresses passcode bypass flaw in latest iOS 7 update

Share this article:
A flaw that allowed users to break through the passcode screen was eliminated in iOS 7.0.2.
A flaw that allowed users to break through the passcode screen was eliminated in iOS 7.0.2.

The first big flaw discovered in iOS 7, which allowed users to sneak through the passcode screen, has been addressed by Apple in its 7.0.2 update released on Thursday. The new iteration also reintroduces the option to use the Greek alphabet keyboard for passcodes.

“It's great that they have released a fix in short order,” Erik Bataller, principal security consultant for mobile and cloud security company Neohapsis, told on Thursday. “But given the history of this vulnerability, they should have done more due diligence before releasing it and should have been able to push out a fix more rapidly. They need to improve their processes for finding vulnerabilities, particularly for areas that have had issues in the past.”

Apple released iOS 7.0.1 on Friday, alongside the release of the iPhone 5s and iPhone 5c, but that update addressed bugs that were exclusive to those devices. First adopters of Apple's new iPhones were required to update right out of the box.

The iOS 7 operating system was released on Sept. 18 and people quickly began chipping away at it to find vulnerabilities. Jose Rodriguez, who gained fame in the past for finding ways to slip past Apple's iOS security protocols for lock screens, discovered the latest passcode bypass.

Rodriguez took to YouTube to demonstrate the flaw, which was exploitable on iPhones and iPads operating iOS 7. The workaround is very similar to an iOS 6 flaw, also discovered by Rodriguez.

According to the Apple-centric news site, web analytics are showing that Apple is already testing iOS 7.1 – although it cannot be confirmed. Speculation is that 7.1 will contain functionalities for upcoming Apple products scheduled for release in the coming months.

Bataller at Neohapsis said that Apple has the most secure OS and devices in the smartphone and tablet space, adding that consumers should accept that the arena – from technology to threats – is evolving incredibly fast and aggressively.

“That being said, given that it affects such wide audiences and the potential impact to users and sensitive data is extensive, the vendors of hardware, software and operating systems need to increase the maturity of their security process and response capabilities in real-time,” Bataller said.

The technology giant has not commented on replicated fingerprints that have been shown to work on the Touch ID sensor exclusive to the iPhone 5s.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Millenials improve security habits, more interested in cyber careers, still need guidance

Millenials improve security habits, more interested in cyber ...

Raytheon's second annual survey on the online and security behavior of Millennials shows improvement but still a long way to go.

Pakistani man indicted over spyware app creation

Hammad Akbar created StealthGenie, which allowed the purchaser to secretly monitor a cell phone's communications.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.