What’s New in iOS 7.0.2: Security Content
Even before Apple formally released iOS 7, the rumor mill indicated that the company was already working on versions 7.0.1, 7.0.2 and 7.1. In other words, Apple knew about the lock screen bypass issue, was brewing iOS 7.0.2 ahead of time and here it is.
• iOS 7.0.2 Software Update
— Fixes bugs that could allow someone to bypass the Lock screen passcode
— Reintroduces a Greek keyboard option for passcode entry
As is usually the case, Apple released the update and only later got ’round to posting security details. Whereas it often takes days for that to show, Apple has already published iOS 7.0.2 Security Content:
— Passcode Lock
— Available for: iPhone 4 and later
— Impact: A person with physical access to the device may be able to make calls to any number
— Description: A NULL dereference existed in the lock screen which would cause it to restart if the emergency call button was tapped repeatedly. While the lock screen was restarting, the call dialer could not get the lock screen state and assumed the device was unlocked, and so allowed non-emergency numbers to be dialed. This issue was addressed by avoiding the NULL dereference.
— CVE-2013-5160 : Karam Daoud of PART – Marketing & Business Development, Andrew Chung, Mariusz Rysz
— Passcode Lock
— Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
— Impact: A person with physical access to the device may be able to see recently used apps, see, edit, and share photos
— Description: The list of apps you opened could be accessed during some transitions while the device was locked, and the Camera app could be opened while the device was locked.
— CVE-2013-5161 : videosdebarraquito
Passcode lock and more passcode lock — glad Apple got it done and it’s interesting that they were aware of the issue and working on it well ahead of time…
What’s your take?