


The iOS 6.1 lockscreen hack from earlier this month isn’t the only security vulnerability in Apple’s latest mobile OS.

Benjamin Kunz Mejri, the chief executive of the security firm Vulnerability Lab, detailed yet another iOS 6.1 hack last week in the Full Disclosure mailing list. The hack enables attackers to bypass your iPhone’s lockscreen password, giving them access to your phone’s contacts, photos, voicemails, and more.

Judging from Mejri’s description, the new hack seems related to the earlier iOS 6.1 lockscreen exploit. Both involve using the iPhone’s emergency call function, cancelling it immediately, and then trying to make a screenshot. But the newer attack takes advantage of a slightly different method to make the iPhone vulnerable (basically, pressing the power, home, and emergency call buttons all at once).

Apple acknowledged the previous iOS 6.1 security flaw and quickly issued a fix to developers with the second iOS 6.1.3 beta. That update hasn’t yet trickled down to iPhone owners, and it’s unclear if it also fixes Mejri’s exploit.

Here’s how Mejri describes the exploit in his e-mail to Full Disclosure:

The vulnerability is located in the main login module of the mobile iOS device (iPhone or iPad) when processing to use the screenshot function in combination with the emergency call and power (standby) button. The vulnerability allows the local attacker to bypass the code lock in iTunes and via USB when a black screen bug occurs.

The vulnerability can be exploited by local attackers with physical device access without privileged iOS account or required user interaction. Successful exploitation of the vulnerability results in unauthorized device access and information disclosure.

Check out a video of the exploit below:

via Wired, ThreatPost; Photo: Devindra Hardawar/VentureBeat
