Security experts have discovered a flaw in some versions of Apple's iOS that means the lock screen passcode on iPhones and iPads can be bypassed.
The vulnerability is believed to affect the iPhone 5, iPhone 6 and iPad 2 running iOS 8.2 or higher. It's not clear if other models, such as the iPhone 6s , are affected.
To gain access, an attacker has to be able to physically access the phone or tablet and then perform a "time-based attack" to get past the passcode.
The attack works by tricking Apple's device into a mode where "a runtime issue with unlimited loop occurs," and the passcode lockscreen itself is deactivated.
It was spotted by security researcher Benjamin Kunz Mejri who posted a detailed description and accompanying video of the issue.
"Normally the pass code lock is being activated during the
shutdown button interaction. In case of the loop the request shuts the
display down but does not activate the pass code lock," Mejri explains.
The researcher says he reported the issue to Apple's security team in October 2015, but has waited until now to go public with the discovery.
Apple itself hasn't commented on the flaw, but this isn't the first time the company's operating system has come under threat.
Usually, vulnerabilities like this are fixed with an over-the-air update sent out by Apple in due course.
The vulnerability is believed to affect the iPhone 5, iPhone 6 and iPad 2 running iOS 8.2 or higher. It's not clear if other models, such as the iPhone 6s , are affected.
To gain access, an attacker has to be able to physically access the phone or tablet and then perform a "time-based attack" to get past the passcode.
The attack works by tricking Apple's device into a mode where "a runtime issue with unlimited loop occurs," and the passcode lockscreen itself is deactivated.
It was spotted by security researcher Benjamin Kunz Mejri who posted a detailed description and accompanying video of the issue.
The researcher says he reported the issue to Apple's security team in October 2015, but has waited until now to go public with the discovery.
Apple itself hasn't commented on the flaw, but this isn't the first time the company's operating system has come under threat.
Usually, vulnerabilities like this are fixed with an over-the-air update sent out by Apple in due course.
No comments:
Post a Comment