Skip to main content

Apple iOS Passcode Lock Security Bypass Multiple Vulnerabilities

Last Update Date: 24 Oct 2013 10:28 Release Date: 24 Oct 2013 3948 Views

RISK: Medium Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

Multiple vulnerabilities have been identified in Apple iOS, which can be exploited by malicious people with physical access to bypass certain security restrictions.

  1. A NULL pointer dereference error related to the emergency call button and the camera pane within the lock screen of the Passcode Lock component can be exploited to gain access to certain otherwise restricted functionality and e.g. call an arbitrary number.
  2. An error within the Passcode Lock component can be exploited to gain access to the lock screen after having been disabled due to incorrect passcode attempts.
  3. A race condition error in the Passcode Lock component can be exploited to gain access to the contact pane and e.g. call an arbitrary number from the contacts pane.

Impact

  • Security Restriction Bypass

System / Technologies affected

  • Versions prior to 7.0.3 running on iPhone 4 and later

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 7.0.3.

Vulnerability Identifier


Source


Related Link