
Apple to release iOS 6.1.2 to address passcode vulnerability by February 20 -report

post #1 of 26
Thread Starter 
Apple is already working on an update to iOS 6 to address a dangerous passcode vulnerability discovered earlier in the week, with one report claiming that the company anticipated issuing the update as early as next week.



German blog iFun published the latest information on the fix Friday, saying that iOS 6.1.2 will arrive early next week, and likely before February 20. iFun accurately predicted the launch of iOS 6.1.1, relying on the same sources that tell them 6.1.2 is on the way.

News of the lockscreen exploit hit the Internet Wednesday. Using the bypass method, one can view and modify an iPhone owner's contacts, listen to voicemail, and browse through their photos. The exploit does not, though, appear to grant access to email or the web.

Apple on Thursday acknowledged the vulnerability. The company, representatives said to the media, is hard at work on a patch, though they provided no hard details on when users could expect one.
post #2 of 26

Ugh. Shouldn't have gone out with this bug. Doesn't speak well to Apple's QA process. This usage case is too common not to undergo testing. Somebody should get smacked for this.   

post #3 of 26
Quote:
Originally Posted by Blastdoor View Post

Ugh. Shouldn't have gone out with this bug. Doesn't speak well to Apple's QA process. This usage case is too common not to undergo testing. Somebody should get smacked for this.   

Have you read the article? The things you have to do to reproduce this so-called "bug" are insane. Apple of course has to jump on it to keep the media circus at bay.

post #4 of 26

Looking forward to iOS 6.1.3.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #5 of 26
Quote:
Originally Posted by Blastdoor View Post

Ugh. Shouldn't have gone out with this bug. Doesn't speak well to Apple's QA process. This usage case is too common not to undergo testing. Somebody should get smacked for this.

"This would never happen if Steve were alive..."

"Now we know what happened to the MobileMe team..."

"Tim Cook is failing, there's been no innovation since he took over..."

"This is the beginning of the end for Apple..."

"It's the 1980s all over again..."

"iOS isn't exciting..."

"I love Apple, but it seems like they're making more mistakes..."

/s

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #6 of 26
Quote:
Originally Posted by Slicksim View Post

Have you read the article? The things you have to do to reproduce this so-called "bug" are insane.

Not really. Clearly it would be difficult to find if you were unaware of the bug, but once you know the procedure (e.g. when it's all over the internet) it's fairly easy to exploit.

post #7 of 26

I hope the Exchange issue is resolved as well. Not going to point fingers here. Just want this to be fixed.

 

Apple says: http://support.apple.com/kb/TS4532

Microsoft says: http://support.microsoft.com/kb/2814847

post #8 of 26
Originally Posted by Euphonious View Post
Not really. Clearly it would be difficult to find if you were unaware of the bug, but once you know the procedure (e.g. when it's all over the internet) it's fairly easy to exploit.

 

See, that wasn't the point. He's claiming it's Apple's fault, when there is no reasonable expectation for them to ever have known about something like this.

Originally posted by Relic

...those little naked weirdos are going to get me investigated.
post #9 of 26
A five day turnaround on a bug that isn't even a serious security issue is absolutely amazing. Nothing to criticise here at all.

Conspiracy theory:
Someone at Apple discovered this bug a while ago and kept it on hold until the jailbreak came out. This way Apple can release a fix for both and no one can say that Apple turned off the jailbreak on purpose because they have a perfect cover for releasing an early fix. :)
post #10 of 26
Quote:
Originally Posted by Blastdoor View Post

Ugh. Shouldn't have gone out with this bug. Doesn't speak well to Apple's QA process. This usage case is too common not to undergo testing. Somebody should get smacked for this.   


This should be fixed no doubt but I wouldn't say this is even a remotely common use case. You have to execute a fairly large number of steps in a proper sequence to even have a chance of this happening. Plus someone would have to have physical access to your phone and have the knowledge to even attempt this. It is a vulnerability that is being addressed, but I doubt that anyone was adversely affected by this. At least until these tech sites and that idiot on YouTube showed everyone how to do this.
post #11 of 26
Quote:
Originally Posted by Tallest Skil View Post

 

See, that wasn't the point. He's claiming it's Apple's fault, when there is no reasonable expectation for them to ever have known about something like this.

I've heard that Apple was directly responsible for the Russian bolide this morning also. :rolleyes:

post #12 of 26

Another iOS6 oversight got more attention in the past few days, this one affecting teachers, schools or similar organizations trying to prevent users of Apple devices from installing unapproved content. 

 

http://www.youtube.com/watch?feature=player_embedded&v=TdMWxHNpG38

melior diabolus quem scies
post #13 of 26
Quote:
Originally Posted by Gatorguy View Post

Another iOS6 oversight popped up in the past few days, this one affecting teachers, schools or similar organizations trying to prevent users of Apple devices from installing unapproved content. 

 

http://www.youtube.com/watch?feature=player_embedded&v=TdMWxHNpG38

Interesting but I don't see this as a big deal. It's only a problem if you are locking down the devices with corporate level security which is not common in Educational Institutions.

It's far more likely that Educational users want managed devices, but still want the ability to install personal apps than it is to have an Educational user that wants to lock everything down like Fort Knox. Also, if they are managed devices, the content should be controlled through syncing and profiles. The users shouldn't need access to the store for anything other than personal purchases so disallowing the store is actually a very good, albeit temporary, solution.

post #14 of 26
Quote:
Originally Posted by Euphonious View Post

 

Not really. Clearly it would be difficult to find if you were unaware of the bug, but once you know the procedure (e.g. when it's all over the internet) it's fairly easy to exploit.

And this is the fault of who, exactly? Click-whoring tech blogs who fell over themselves to publish the instructions and splash the headlines all over the place. It's irresponsible, but no one gives a shit about that anymore. It's a bug that one would never, ever discover by accident, requires physical access to your phone from someone who's taken the time to read how to accomplish it, and with malicious intent. Which is why Apple can be excused for letting it slip through - but these websites that published the instructions to the entire world shouldn't be excused for their irresponsibility.

post #15 of 26
If you do the steps slowly it takes about a minute to do, not hard at all if you know what you are doing and there are not that many steps.
post #16 of 26
Originally Posted by Gazoobee View Post
I've heard that Apple was directly responsible for the Russian bolide this morning also. :rolleyes:

What are the odds of this wholly unrelated event happening in such close proximity to 2012 DA14? It's astonishing!

I imagine they're… astronomical…

Originally posted by Relic

...those little naked weirdos are going to get me investigated.
post #17 of 26
Quote:
Originally Posted by Slicksim View Post

Have you read the article? The things you have to do to reproduce this so-called "bug" are insane. Apple of course has to jump on it to keep the media circus at bay.

Umm.... sort of. Basically I'm a total idiot. I had multiple windows open and thought I was commenting on the Exchange bug. That's the thing that should have been caught.

It is pretty weird that Apple keeps having problems with getting through the passcode, though. It's not a problem of QA, but a problem of design.

post #18 of 26

deleted


Edited by MacRulez - 7/5/13 at 3:27pm
post #19 of 26
It should be possible to roll back. I'm losing 1% / 3min with 6.1.1 :(
post #20 of 26

Does anyone know how this exploit/bug was discovered? Given the number of steps it seems unlikely that it was by chance

post #21 of 26
Quote:
Originally Posted by hungover View Post

Does anyone know how this exploit/bug was discovered? Given the number of steps it seems unlikely that it was by chance

I think it's pretty much the same steps used to exploit a similar flaw exposed in iOS4.1. 

 

The original find back in 2010 is discussed here:

http://forums.macrumors.com/showthread.php?t=1035879

melior diabolus quem scies
post #22 of 26
Quote:
Originally Posted by Gatorguy View Post

I think it's pretty much the same steps used to exploit a similar flaw exposed in iOS4.1. 

 

The original find back in 2010 is discussed here:

http://forums.macrumors.com/showthread.php?t=1035879

Thanks

post #23 of 26

Impatiently waiting for 6.1.3 ;)

post #24 of 26
Quote:
Originally Posted by MrMiB View Post

It should be possible to roll back. I'm losing 1% / 3min with 6.1.1 :(

Strange, my iPhone 4S has really much better battery life with 6.1.1

post #25 of 26
Quote:
Originally Posted by Euphonious View Post

Not really. Clearly it would be difficult to find if you were unaware of the bug, but once you know the procedure (e.g. when it's all over the internet) it's fairly easy to exploit.
Yes it is, yet how many chances do you have till you accidentally call the police? This seems more of a hack in the OS.
post #26 of 26
Uh oh, found a way to hack it into the home screen. That is more personal, but this might be the reason another person randomly knows my phone number, name, and is calling from a blocked number (how do you unblock a number?)