The highly-anticipated iOS 7 update just started hitting iPhones and iPads yesterday, and already a major vulnerability has been discovered. Just like iOS 6.1 before it, the exploit involves a sequence of touches that allows a user to bypass a device’s Lock screen.
The bug isn’t easy to reproduce, but I was able to replicate it on my iPhone 4s. And despite having a passcode, it gave me access to a number of apps that contain personal data like photos, email, text messages, and both my Facebook and Twitter accounts…
Forbes credits the finding of the exploit to YouTube user Jose Rodriguez:
If you’re interested in trying it out for yourself, we’ve listed the steps below:
- Swipe up on the Lock screen to access your device’s iOS Control Center.
- From there, open the Alarm Clock app
- Then, hold down on the power button to bring up options to ‘Power Off’ or ‘Cancel’
- Tap Cancel and then quickly double click the Home button to launch the multitasking screen
From there you’ll notice that you can access almost any app you have running in the background—pretty scary huh?. Luckily, AllThingsD says that Apple is aware of the problem and working on a fix, so that means we should see an iOS 7.0.1 update shortly.
In the meantime, if you want to protect your iPhone or iPad from the exploit, just disable Control Center access on the Lock screen in your Settings app.