There's a second passcode lock vulnerability in iOS 6.1, according to Vulnerability Lab CEO Benjamin Kunz Mejri (hat tip to Kaspersky Lab's threatpost). Mejri had recently outlined the vulnerability in an e-mail to the Full Disclosure list, highlighting yet another way for attackers to get past the lock screen and access a user's contacts, voicemails, and more.
As detailed by Mejri, this new bug appears to be slightly different from the one highlighted earlier this month. The two start out in a similar way—by following a set of steps that utilizes the Emergency Call function in addition to the lock/sleep button and the screenshot feature. When making an emergency call, an attacker could cancel the call while holding the lock/sleep button in order to access data on the phone.
The difference between the first exploit and this one is how it can make the iPhone screen go black, allowing an attacker to plug the device into a computer via USB and access the user's data without having their PIN or passcode credentials.
Read 2 remaining paragraphs | Comments