Apple has released iOS 7.0.2 with fixes for bugs that could allow someone to bypass the lockscreen passcode. The iOS 7.0.2 software update comes just one week after Apple launched iOS 7, which was quickly followed by the discovery of a new passcode bypass that allows access to email, Twitter, Facebook and Flickr. This update is available for iPhone 4 and later, iPod touch (5th generation) and later, and iPad 2 and later.
From Apple’s security bulletin, the bugs fixed in this update are described as follows:
- CVE-2013-5160 : A person with physical access to the device may be able to make calls to any number. A NULL dereference existed in the lock screen which would cause it to restart if the emergency call button was tapped repeatedly. While the lock screen was restarting, the call dialer could not get the lock screen state and assumed the device was unlocked, and so allowed non-emergency numbers to be dialed. This issue was addressed by avoiding the NULL dereference.
- CVE-2013-5161 : A person with physical access to the device may be able to see recently used apps, see, edit, and share photos. The list of apps you opened could be accessed during some transitions while the device was locked, and the Camera app could be opened while the device was locked.
Apple iOS users can download and install the iOS 7.0.2 software update through iTunes or through your device Settings (select General > Software Update).