Apple iOS 7 beta bug allows attackers to share private photos

Summary:A flaw in iOS 7 gives attackers the ability to quietly go through a user's camera roll to delete pictures or, worse, share them with others — even if the device uses a lock screen.

The lock screen in Apple's beta version of iOS 7 has already been circumvented, allowing an attacker to access certain content on the phone in a matter of seconds.

Spanish iPhone user Jose Rodriguez discovered the flaw, and informed Forbes on Wednesday. Rodriguez has uploaded a video of the process to YouTube, demonstrating that anyone has the ability to access the Calculator, Camera Roll, and Calendar applications, as well as delete photos and take screenshots.

Forbes was able to independently verify the bypass, but went further to state that anyone can "email, upload, or tweet the device's photos".

Apple's iOS 7 beta is currently only available to developers, so it is likely that early awareness of this oversight will assist in removing it from the final version of the operating system. However, lock screen bypasses have not been limited simply to beta software in the past.

Earlier this year, a lock screen bypass was found in iOS 6.1 , and although that was quickly patched in iOS 6.1.3, yet another bypass was found .

The problem is not restricted to Apple, either. Samsung's TouchWiz software, which runs on top of Android, has its own flaws that allow attackers to bypass the lock screens on the Galaxy Note II and Galaxy S III.

Topics: Apple, iOS, Mobile OS, Mobility, Samsung, Security

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.