iOS 6.1.3 Update Fixes Lock-screen Vulnerability

By Jane McEntegart
published

Back in mid-February it emerged that a hole in iOS 6.1 allowed folks to bypass the iPhone lockscreen and make calls without ever having to enter the passcode set by the device's owner. At the time, Apple said it was aware of the problem and that it was working on a fix that would arrive in a future software update.

If you're rocking iOS 6.1, you'll be pleased to know that fix has arrived. iOS 6.1.3 fixes a number of bugs, including the hole that allowed users to access certain parts of your phone without having to input the lockscreen code. The trick involved making an emergency call, canceling it, attempting to turn the phone off, and pressing the power button. Though this trick wouldn't give complete access to the phone, it did give access to the phone app, which allowed the person attempting to access your phone to make calls, edit contacts, view photos (by trying to add a photo to a contact's number), and check voicemail.

For full details on the bugs fixed by iOS 6.1.3, check out this security note.

Contact Us for News Tips, Corrections and Feedback

Jane McEntegart
21 Comments Comment from the forums
  • s3anister
    lol, finally.
    Reply
  • blurr91
    Are you sure that's a "vulnerability" rather than a "feature?"
    Reply
  • christarp
    s3anisterlol, finally.blurr91Are you sure that's a "vulnerability" rather than a "feature?"
    http://arstechnica.com/gadgets/2013/03/samsungs-galaxy-s-iii-has-a-lock-screen-bug-too/

    http://www.itechpost.com/articles/6831/20130320/samsung-galaxy-s3-note-2-new-lockscreen-security-exploit-discovered.htm

    Reply
  • Memnarchon
    "iOS 6.1.3 Update Update Fixes Lock-screen Vulnerability and allows you to holding it right"
    There. Fixed it for you.
    Reply
  • lilchina
    not all vulnerability fixed. If you start a voice dial at lock screen as soon as it start to dial pull SIM card it will take you to contacts.
    Reply
  • emjayy
    Fixed? Don't hold your breath.They fixed the original lockscreen bypass vulnerability but simultaneosly introduced a brand new one! This is why I laugh so much when folks calls Apple a 'premium' and 'enterprise-ready' brand.
    Reply
  • sundragon
    emjayyFixed? Don't hold your breath.They fixed the original lockscreen bypass vulnerability but simultaneosly introduced a brand new one! This is why I laugh so much when folks calls Apple a 'premium' and 'enterprise-ready' brand.Funny, Apple's update includes hardware like the 3GS that came out in 2009...

    Please point out ONE Android handset from 2009 that gets an update (without rooting) from the manufacturer, or Google for that matter?

    Just one that brings the phone to Jellybean, or even 4.1?

    How about a Windows phone from 2009 that has a software update?

    Right... That's what I thought.

    Kudos to manufacturers that update their software! I got my Nexus because Google promises this, and apparently is the only one to do so, which is a sad state of affairs.

    All OSs have vulnerabilities, Android is far from immune, I know first hand because I own one. You wanna poke fun but the joke's on you
    Reply
  • sundragon
    christarphttp://arstechnica.com/gadgets/201 n-bug-too/http://www.itechpost.com/articles/ overed.htm
    Truth hurts, lets see how long it takes for a fix to come out! All things being equal, hopefully they've learned from the bad press and are working on it.
    Reply
  • robochump
    emjayyFixed? Don't hold your breath.They fixed the original lockscreen bypass vulnerability but simultaneosly introduced a brand new one! This is why I laugh so much when folks calls Apple a 'premium' and 'enterprise-ready' brand.
    Yeah, its already known there is another 'work around' after the 6.1.3 fix. Then again if someone else got your phone then you have bigger problems...lol.
    Reply
  • happyballz
    sundragonFunny, Apple's update includes hardware like the 3GS that came out in 2009...Please point out ONE Android handset from 2009 that gets an update (without rooting) from the manufacturer, or Google for that matter?Just one that brings the phone to Jellybean, or even 4.1?How about a Windows phone from 2009 that has a software update?Right... That's what I thought.Kudos to manufacturers that update their software! I got my Nexus because Google promises this, and apparently is the only one to do so, which is a sad state of affairs.All OSs have vulnerabilities, Android is far from immune, I know first hand because I own one. You wanna poke fun but the joke's on you
    Yeah have you tried running 6 on 3GS? If so I hope you like your lags.
    Reply