Apple has acknowledged a newly discovered security flaw in the iPhone and is promising to offer a fix with next month's release of iOS 4.2.
The new flaw allows someone to access the phone dialer on a locked iPhone by punching a certain sequence of buttons, thereby giving them the ability to make phone calls, send e-mails, and access the address book. Confirmed by Wired Magazine, the Boy Genius Report, and other online sources, the flaw was reportedly first discovered and posted by a user on the MacRumors online forum on October 22.
Bypassing the lock requires someone to tap the Emergency Call button, enter a non-emergency number such as ###, tap the call button, and then hit the lock button. Though the forum user said he was using a jailbroken iPhone, other users with non-jailbroken phones quickly chimed in to report the same bug.
On its end, Apple is eyeing a fix for the flaw. In response to a query from CNET, an Apple spokeswoman e-mailed the following statement:
"We're aware of this issue and we will deliver a fix to customers as part of the iOS 4.2 software update in November."
This latest vulnerability resembles a flaw found in 2008 in the iPhone's OS that let someone tap a series of buttons to sneak past the passcode security. At the time, iPhone cracker and forensics specialist Jonathan Zdziarski also criticized the iPhone's overall passcode security, which he claimed was relatively easy to hack. Zdziarski offered the simplest bit of advice: don't allow physical access to your iPhone.