Site icon The Mac Security Blog

Apple iOS 6.1.3 Update Fixes Passcode Bug

Apple has released security updates for iOS with an update to version 6.1.3, designed to resolve a bug that allows anyone to bypass the lockscreen on a passcode-protected iPhone. Before the fix, hackers could have potentially accessed your phone application, looked through photos on the device, listened to your voice mails, and placed calls. This software update fixes six flaws altogether, affecting iPhone 3GS and later, iPod touch (4th generation) and later, and iPad 2 and later.

Apple described the passcode bug and their resolution as follows:

A person with physical access to the device may be able to bypass the screen lock. A logic issue existed in the handling of emergency calls from the lock screen. This issue was addressed through improved lock state management.

In addition to resolving the iOS lockscreen flaw (CVE-2013-0980), this update also fixes vulnerabilities that will prevent the use of the popular jailbreak software evasi0n, which Charlie Miller has predicted will be “the last public jailbreak ever released.”

As news broke of the iOS 6.1.3 update, other Twitter users chimed in, too:

The Evasi0n jailbreak tool became the most popular jailbreak ever with nearly seven million iOS devices hacked just four days removed from of its official release date, according to Forbes. Perhaps with Charlie Miller’s gloomy prediction coupled with huge numbers of iOS users jailbreaking their iPhones, many people may wish to keep their jailbreak and live with the lockscreen flaws.

Updated March 20, 2013 for security contents of iOS 6.1.3

_____

Following are descriptions of the six iOS vulnerabilities resolved in this update:

Apple iOS users can download and install the 28.5 MB update in iTunes or through your device Settings (select General > Software Update).

Share this: