Apple is set to issue a patch for almost 70 vulnerabilities in its iOS 7 software.
According to the Guardian, Apple will fix a security flaw in the new mobile device software that allows an attacker to bypass the lockscreen and access personal data. Within hours of the release of iOS7, the flaw was discovered and it gives access to personal data including email, photos, Twitter, Facebook and Flickr via a swipe up in the Control Center function from the bottom of the screen.
While the iPhone 5S and 5C are not affected, it does also offer access to the phone user’s alarms, a calculator, and the camera, as well as frequently-used settings such as Wi-Fi, Bluetooth and Airplane mode. Although the vulnerability relies on the hacker having physical access to the phone and cannot be executed remotely.
“Apple takes user security very seriously,” an Apple spokesman told the Guardian. “We are aware of this issue, and will deliver a fix in a future software update.”
according to Sophos’ Paul Duckin, the new flaw involves telling the lockscreen you want to make an emergency call, which is a option that, understandably, can’t be turned off. “You can even make emergency calls without a SIM card, let alone with the phone locked – and that really is a feature, not a bug,” he said.
He recommended removing the Control Center from the lockscreen to prevent the “photo sharing” lockscreen hole and consider sticking with iOS 6.1.3 for the time being.