Hot on the heels of a reported security flaw in iOS 7 that allows anyone to bypass the lock screen to access users’ personal data, a new bug was discovered in Apple’s (NASDAQ:AAPL) revamped iOS, which lets anyone make a call even when the iPhone is on the passcode-protected lock screen.

According to a report by Forbes, the new vulnerability was discovered by Karam Daoud from the West Bank city of Ramallah in Palestine. In a video, Daoud showed that calls can be made to any number from a locked iPhone running iOS 7 by using a vulnerability in the device’s emergency calling function.

Daoud said that anyone who has physical access to a passcode-protected iPhone running iOS 7 can take advantage of the flaw by going to the emergency calling screen on the device. The person needs to dial a number and then rapidly tap the call button until an empty screen with an Apple logo appears and makes the call to the particular number.

Forbes said that Daoud had tested the bug on older iPhone models running iOS 7, and he found that it applied to them as well.

Here is a video, made by Daoud, which shows the entire procedure to reproduce the vulnerability:

Daoud had informed Apple about the bug, and the company confirmed to him that it would be fixed in an upcoming iOS 7 software update.

According to Forbes, while the first iOS 7 bug could easily be rectified by disabling the Control Center by toggling it off in the Settings app, Daoud’s flaw does not seem to have any immediate fix for it.

Regardless of all these security loopholes in iOS 7, users around the world are updating their devices to the latest version of the platform in increasing numbers. Nearly 32 percent of North American iOS Web-based traffic came from the iOS 7, two days after its release, according to one recent report.


Chitika, an online ad network, said in an update to an earlier report that iOS 7 accounted for 31.7 percent of the iOS traffic by the afternoon of Sept. 20, 48 hours following the release of the new OS.

“This outpaces iOS 6, which took about three days to cross the 30% threshold,” said the Chitika report, which examined a sample of millions of North American iOS-based online ad impressions ranging from Sept. 18 to Sept. 19.