Following the discovery of an iOS 6.1 security bug that allowed attackers to bypass your iPhone lock screen and access your contacts and voicemails without permission, security researcher and Vulnerability Lab CEO Benjamin Kunz Mejri has discovered a second exploit allowing attackers to perform the same task.
The second exploit is a little bit different than the original hack, and allows the attacker to access your device and download your information from it using USB – again, all without having to enter your security passcode.
Jacqui Cheng reports for Ars Technica:
As detailed by Mejri, this new bug appears to be slightly different from the one highlighted earlier this month. The two start out in a similar way—by following a set of steps that utilizes the Emergency Call function in addition to the lock/sleep button and the screenshot feature. When making an emergency call, an attacker could cancel the call while holding the lock/sleep button in order to access data on the phone.
The difference between the first exploit and this one is how it can make the iPhone screen go black, allowing an attacker to plug the device into a computer via USB and access the user’s data without having their PIN or passcode credentials.
Apple announced that they would close the first exploit with iOS 6.1.3, and it seems reasonable to assume they’ll target this second security hole with that update as well. If nothing else, one thing is clear from the discovery of these security holes: Apple needs to fix this – and the sooner, the better.