iOS 6.1 brings back bug that gives anyone access to your contacts, photos (Update)

An old vulnerability in the iPhone's lock screen and Emergency Call feature appears to have resurfaced for a third time in iOS 6.1. With the right sequence of button clicking, it's possible to get to an iPhone user's voicemails, contacts, and photos—even if the iPhone is locked and password protected.

A similar bug first appeared in iOS 2.0. That version of iOS added optional user-selectable actions for double-clicking the Home button, with the default to access a user's contact favorites. By clicking the Emergency Call button on an iPhone's lock screen and then double-clicking the Home button, the Phone app would show the list of your favorite contacts. From there, it was possible to access call logs, voicemails, and any contact; send SMS messages; send or read e-mails; and even launch Safari.

Apple fixed the flaw in iOS 2.1, but it popped up again in iOS 4.1. The sequence of actions was a little more complex, however. It required dialing a random number for an emergency call and then hitting the hardware lock button. Doing so would allow the standard Phone app UI to appear once again, giving a potential hacker access to call logs, voicemails, and contacts.

Read 4 remaining paragraphs | Comments