Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

iOS 7.1 bug enables iCloud account deletion, disabling Find My iPhone, without password

A bug impacting iOS 7.1 could allow for a thief to delete an iCloud account and disable Find My iPhone without entering an Apple ID and password, as well as restore the device, because the Activation Lock meant to prevent all this from happening is deactivated.

Demonstrated in a video posted Wednesday, the bug appears to occur by simultaneously flipping the switch to turn off Find My iPhone and pressing the ‘delete account' button in the iCloud settings of the Apple device.

Following a restart, the iCloud account can be deleted and the iPhone can be restored.

The bug, which only works if the phone is logged in or not password protected, was demonstrated on an iPhone 4s in the YouTube video. Various comments suggest it may not work on iPhone 5 devices, and it does work on iPads.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.