Yet another bug has been discovered in Apple’s latest firmware update. This one lets intruders make calls even if the iPhone is locked with a passcode.
The previous iOS 7 lockscreen bug allows intruders to access Mail, Photos or Twitter on any compatible device that’s locked with a passcode. That bug is actually quite similar to what was previously seen on iOS 6.1. The latest bug, which has been discovered by Karam Daoud, lets anyone make calls to anywhere, anytime. International and premium numbers can be called as well. The vulnerability exists in the iPhone’s emergency calling feature.
To make a call from a passcode locked iPhone, the intruder can first simply tap “Emergency” on the lockscreen. The emergency calling screen comes up. The number which is to be called can be entered here, then the intruder must repeatedly tap the call button until the iPhone shows a black screen with the Apple logo. The call is then put through. As per Daoud, this vulnerability can be exploited on the iPhone 5, as well as earlier iPhones running iOS 7.
Apple has been notified about this bug and it says that the bug will be fixed in an upcoming firmware update, it has said the same about the other lockscreen bug which was reported on yesterday. At this point in time, it is not known when the incremental iOS 7.0.x update carrying bug fixes is due to arrive.