domingo, 29 de septiembre de 2013

iOS 7.0.2: Apple rolls out fix for lockscreen bypass bug - The Guardian

Apple has released an update for its iOS 7 software to close a security flaw in its lockscreen which had allowed people to bypass the protection and hack into the owner's content.

The iOS 7.0.2 version began showing up as an update for phones on Thursday night, six days after the flaw was discovered. It is also available for the newer iPhone 5s and 5c, although the bug was not demonstrated on those phones, as it adds the option for a Greek keyboard option for passcode entry.

The download, which varies in size from 17MB to 20MB depending on the device, is free.

The bug used a weakness in the new Control Center feature in iOS 7 which offers rapid access to functions including the camera, calculator, alarms and a torch even from the lockscreen. A hacker who used the right sequence of keypresses could access user data including photos, email, Twitter, Facebook and Twitter accounts, which they could edit or use, and also send text messages - though they could not read email.

The update has come comparatively quickly from Apple, which has in the past typically taken at least two weeks to close such security holes when they have been found.

A separate bug in which a specific string of Unicode text could crash browsers and apps which viewed it using iOS 6 apparently was not dealt with for months, though it is fixed as part of iOS 7's text handling.

It's unclear whether the fix also closes a security hole which could let people make calls to any number via the emergency call screen.

No hay comentarios:

Publicar un comentario