New iOS 6 bug lets institutional users install unapproved apps

Bug-ridden iOS is back in the news. In addition to Exchange woes and the Lock screen vulnerability discovered in iOS 6.1, both of which should be fixed with the iOS 6.1.2 software update said to arrive before next Wednesday, a new issue has been discovered which allows institutional iOS 6 users to bypass the “Don’t Allow Changes” account restriction and install unapproved apps by changing the iTunes account linked to the iOS device. Apple has reportedly acknowledged the glitch, but wouldn’t commit to fixing it in the next iOS software update…

Kudos to Matt Cummings who spotted the flaw.

The improved Restriction settings in iOS 6 contain the “Don’t Allow Changes” toggle which locks the entire iOS device to a specific account, a handy enhancements that prevents institutional users like students from installing apps not approved by their institution.

Apparently, the “Don’t Allow Changes” setting can be overridden using several backdoor methods, as seen in the clip top of post.

Writer Jordan Kahn of 9to5Mac has more:

Apple has confirmed to our source that the problem is indeed a bug that needs to be fixed.

However, Apple didn’t confirm when a fix for the “Don’t allow changes” bug would arrive.

Apple’s temporary solution is to turn off the “Installing Apps” option within Restrictions.

While this doesn’t appear to be a biggie, the video notes that the glitch prevents organizations from pushing apps and from allowing users to update apps.