Notorious lock screen security vulnerabilities continue to haunt Apple’s (NASDAQ:AAPL) iOS 7, the company’s new mobile operating system for iPhone, iPad and iPod touch, and the latest one targets iOS 7.0.2, the most recent supplementary update to the revamped platform.
An Israel-based user named Dany Lisiansky posted a video on YouTube on Friday, in which he demonstrated how making a phone call using Siri from the lock screen can open up the iPhone’s phone app and expose the entire list of contacts, call history and even voicemail.
Although the vulnerability does not allow an intruder to access anything other than the phone app, it is still a failure for Apple’s security team given that iOS 7.0.2 was rolled out as an update to fix two previously discovered lock screen glitches on iOS 7.
To fix the bug temporarily, users can go to Settings > General > Passcode & Fingerprint settings and disable Siri access from the lock screen until Apple comes up with a proper fix for the issue, according to iDownloadBlog, which has verified the steps offered by Lisiansky to reproduce the vulnerability.
Here are the steps to execute the bug:
Step 1: Make a phone call (with Siri / Voice Control)
Step 2: Click the FaceTime button
Step 3: When the FaceTime App appears, click the Sleep button
Step 4: Unlock the iPhone
Step 5: Answer and End the FaceTime call at the other end
Step 6: Wait a few seconds
Step 7: Done. You are now in the phone app
This was the third lock screen vulnerability to be spotted in iOS 7, which is touted by Apple as the most significant change to the iOS platform since the launch of the first-generation iPhone in 2007.
The first security bug in iOS 7 was discovered less than two days after its public release on Sept. 18. The bug allowed anyone to use the new Control Center feature to bypass the passcode-protected lock screen on devices running the latest OS and access a number of apps containing personal data such as photos, email, text messages, and even Facebook and Twitter accounts.
Just one day after the first bug was reported, iOS 7 encountered another security flaw, allowing anyone to make a call even if the iPhone is on the passcode-protected lock screen.
Apple, however, fixed both the glitches by releasing iOS 7.0.2 on Thursday.