Apple’s new firmware has a security vulnerability. A bug in the iOS 7 lock screen allows intruders to access Mail, Twitter, Photos and more on a compatible iOS device that’s protected by a passcode.
The exploit takes a bit of finesse to perfect, it requires some quick finger work by the intruder. This bug is somewhat similar to the lock screen bug in iOS 6.1, which gave access to Photos, Contacts and Voicemail. This time around, the exploit makes use of Control Center, a new iOS 7 feature which lets users access commonly used commands and apps easily.
The intrude must first bring up Control Center on a passcode locked iPhone or iPad by swiping up from the bottom of the display. From there, the Clock app can be launched without the need to enter a passcode. Once the app is up, the intruder can hold down the power button to bring up the switch-off pane. Instead of swiping to power off the device, the intruder is to select cancel and immediately follow it up with one short and one long press of the home button. This brings up the new multitasking view in iOS 7, which gives access to Mail, Photos, Twitter and more.
While it is not known right now if the exploit works on iPhone 5S or iPhone 5C, it is said to work with all other compatible iOS 7 devices. Until Apple releases a firmware update to patch this bug, the only way to protect your device is to disable Control Center from showing up on the lock screen, this can be done through the Settings app.