Barely have owners of devices running Apple’s iOS recovered from a newly discovered passcode vulnerability for devices running iOS 6.1 when a second bug surfaced this week.
The new bug may potentially allow access to a user’s contact list, voicemails and more, security vendor Sophos said in a blog post. “In this second version of the exploit, a hacker can also make the iPhone screen go black, thereby allowing him or her to plug the phone into a computer via USB and grab data off the device without a PIN or passcode credentials,” it said. The first vulnerability had surfaced earlier this month.
Sophos said both attacks involve using the Emergency Call function, the lock/sleep button, and the screenshot feature.
“When placing the emergency call, an attacker could cancel the call while holding the lock/sleep button in order to access data on the phone,” it said.
But the attacker will have to have physical access to the device.
“Exploiting this second bug still requires a certain degree of dexterity, if not a prehensile tail. But the bug still implies a risk to iOS 6.1 users’ data and Vulnerability Lab estimates it’s a high risk,” Sophos added.
via TJD, GMA News
