Computerworld - An iPhone bug that Apple Inc. patched last January to stop unauthorized users from bypassing the password-protected locking feature has resurfaced in newer versions of the phone's software.
The bug also affects the iPod touch.
First reported yesterday by a user identified as "greenmymac" on the MacRumors forum, the flaw lets anyone sidestep passcode locking by simply tapping "Emergency Call" on the password-entry screen, then double-tapping the Home button.
That leads to the iPhone's Favorites, a list of frequently-called contacts, and their contact information, including phone numbers and addresses. If any of the contacts have e-mail or Web addresses associated with them, the trick also allows access to the iPhone's e-mail application and Safari browser, respectively.
Computerworld confirmed that the bug is present in both iPhone 2.0 and iPhone 2.0.2.
Last January, Apple issued iPhone 1.1.3 and iPod touch 1.1.3, a firmware update that included patches for three security vulnerabilities. According to the accompanying advisory, one of the three fixed the passcode lock sidestep problem.
"The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered," said Apple's advisory. "An implementation issue in the handling of emergency calls allows users with physical access to an iPhone to launch an application without the passcode. This update addresses the issue through an improved check on the state of the Passcode Lock."
Users commenting on Apple's iPhone support board weren't happy. "Wow ... now the simple security issue," said "squarejp" on Apple's forum. "Apple is sure releasing beta software."
A work-around, several users said, is to go to Settings/General/Home Button on the iPhone, then select Home. The emergency call bypass then cannot access Favorites -- the default on the iPhone for a double tap; instead, the passcode screen simply reappears.
Apple did not immediately reply to questions about the January fix and the bug's reappearance.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
