Submitted by Bob Bhatnagar on
Now there's another reason to update your iPhone when Apple releases the iOS 4.2 firmware this November. The company has stated they are aware of the passcode lock security flaw and will issue a fix with the update. It's not clear whether or not Apple had the fix on their radar before reports about the security hole hit the web this week.
A forum user posted the simple procedure which allows iPhones to be accessed even if passcode lock is engaged. With a simple button sequence at the right time the Phone app can be accessed along with all of the contact information stored on an iPhone. Contacts can be called, emailed or even sent an MMS once the iPhone has been accessed, completely avoiding the four-digit passcode.
The security flaw revolves around the emergency call screen. When locked, an iPhone will allow emergency calls, however entering a non-emergency number and pressing send leaves the iPhone open to the security vulnerability. By simply pressing the sleep button immediately after pressing the emergency call button the iPhone is unlocked and inside the Phone application. Contacts, Recents, Favorites, Keypad and Voicemail are all accessible after entering the locked iPhone with this button sequence.
Other recent security fixes addressed by Apple include Safari browser issues that made JailbreakMe possible on the iPhone. This jailbreak was initiated by simple opening a web page in the Safari browser, and led Apple to close the hole to prevent others from exploiting the problem. Malicious software could easily be installed without a user's knowledge using the Safari exploit.