security-bug-ios-6.1.3

Apple just released iOS 6.1.3 to fix a vulnerability that allowed users to bypass the lock PIN and access some areas of the device. But all isn’t super-secure in iOS-land yet. A new security bug in this version was just found by a YouTuber dubbed “videosdebarraquito” and confirmed by The Next Web. Here’s the gist of it.

Apparently in iOS 6.1.3, users are still able to skip over PIN authentication to gain access to contacts and photos. If it’s any consolation, no unsuspecting person is likely to accidentally discover this during the normal course of usage. It takes a little more than pwning the software. You’ve got to roll up your sleeves and pry open the hardware, i.e., the SIM card tray, while in the midst of dialing. The bug was evident and reproducible on the iPhone 4 and 4S, though testing is ongoing to see if the iPhone 5 is vulnerable too. (iPhoneblog.de claims to have done it successfully.)

The security hole may have something to do with Voice Dial, the speech-operated phone dialer that preceded Siri. The bug doesn’t seem to work with Apple’s latest and more robust voice command utility, at least for now, so if you have a legacy device that is capable of running Siri, protecting the device might just be a matter of leaving that feature enabled. If not, you can disable Voice Dial in the Settings >> General >> Passcode screen. 

Now that the vulnerability has been discovered, you can bet more testing is on the way. Hopefully it won’t be long before we know the full extent of this bug.

To see the glitch in action, hit up the video.