BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Elite Russian Hackers Claim To Have Breached Three Major U.S. Antivirus Makers
School Lunch Business Rivalry Leads To Hacking Charges
Cybercriminals Steal $1.75 Million From An Ohio Church
Ransomware Hits Yet Another U.S. Airport
A Free Wi-Fi Finder App Exposed Passwords To Millions Of Networks
A Ransomware Attack Knocked The Weather Channel Off The Air
Edit Story
TechSecurity

Apple Fixes Two iOS 7 Bugs That Allowed Access To Locked iPhones

Andy Greenberg
Former Staff
Covering the worlds of data security, privacy and hacker culture.
This article is more than 10 years old.

One week after the first of two flaws were revealed that opened major security holes in the iPhone's lockscreen, Apple has stamped out the bugs.

On Thursday the company released iOS 7.0.2, the second update to its iOS 7 mobile operating system, which it says in a security advisory is designed to fix two security flaws: one which used the iPhone's new "control center" feature to allow access to photos along with all the associated sharing functions from the user's account including email, Twitter and Facebook, and a second which allowed a thief or prankster to make calls to any number from a locked iPhone's emergency calling function, simply by dialing a number on the emergency calling screen and pressing the "call" button repeatedly.

Both of those techniques were shared with me last week--the first by Jose Rodriguez, a soldier in the Spanish Canary Islands, and the second by Karam Daoud, a marketing entrepreneur in the Palestinian West Bank city of Ramallah. Apple gave credit to Rodriguez (using his YouTube handle, videosdebarraquito) for reporting the control center vulnerability, as well as Daoud for reporting the emergency calling bug, along with two others who seem to have spotted the same issue.

While Apple was working on this fix, however, other security researchers were working to find new ways to break into the company's handsets. The hacker known as Starbug of the German group the Chaos Computer Club reported on Sunday that he had managed to pick up a fingerprint from a glass surface and use it to create a spoofed latex print capable of breaking Apple's TouchID fingerprint reader. The trick was replicated by security researcher Marc Rogers at the security firm Lookout Mobile, however, who noted that while it does prove the phone's vulnerability, it took close to a thousand dollars of equipment and plenty of time and expertise to perform.

Anyone looking for the iOS 7.0.2 security fix can find in the iPhone's settings or in iTunes. Read Apple's advisory here.

Follow me on Twitter, and check out the new paperback edition of my book, This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers, a New York Times Book Review Editor’s Choice.

Andy Greenberg
Andy Greenberg