Apple patches Exchange bug with iOS 6.1.2, still no fix for lockscreen exploit

February 20, 2013 | By
Tools

Apple (NASDAQ:AAPL) released its iOS 6.1.2 firmware update Tuesday, patching a bug preventing some iPhone and iPad users from syncing their mobile mailbox with Microsoft's (NASDAQ:MSFT) Exchange Server 2010 but failing to address a security vulnerability enabling hackers to bypass an iPhone's lockscreen and access core device functions.

iOS 6.1.2 "fixes an Exchange calendar bug that could result in increased network activity and reduced battery life," according to Apple. The 12.8 MB update is available over the air by accessing Settings > General > Software Update; consumers may also download it from the Apple site. While the previous iOS 6.1.1 update was available exclusively for the iPhone 4S, iOS 6.1.2 applies to all devices supported by iOS 6, including the iPhone 3GS, 4, 4S, and 5; the iPad 2, iPad mini, and both Retina iPads; and the fourth- and fifth-generation iPod touches.

The iOS 6.1.2 release follows less than a week after Apple identified the source of a Microsoft Exchange bug resulting in increased network activity and/or reduced battery life on some iOS devices. Microsoft had urged IT administrators to consider several temporary workarounds while Apple scrambled to patch the bug, even suggesting they create a custom throttling policy for iOS 6.1 users or block iOS 6.1 devices entirely.

But iOS 6.1.2 does not tackle the lockscreen exploit first identified in a YouTube clip posted by an iPhone user and later corroborated in tests conducted by multiple publications. The exploit involves making and immediately canceling a call from the emergency dial screen, then hitting the power button several times to load the Phone App button. The Phone App allows anyone to access the device's dialer, contact list, voicemail box, call history, messages, photos and FaceTime.

Apple has acknowledged the issue. "Apple takes user security very seriously," a spokesperson said in a statement supplied last week to ZDNet. "We are aware of this issue, and will deliver a fix in a future software update." Apple's iOS 6.1.2 release notes do not mention a fix for the lockscreen vulnerability, however, and tests conducted by Ars Technica indicate that devices running iOS 6.1.2 remain susceptible to the exploit.

For more:
- read this Ars Technica article
- read this Forbes article

Related articles:
Apple confirms iOS 6.1 lockscreen glitch, iPhone 4S battery drain persists
iOS 6.1 lockscreen bug gives hackers access to contacts, photos, messages
Apple expands Siri, iTunes match with iOS 6.1
Apple offers iOS 6 to developers ahead of iPhone 5 launch
Forecast: Apple's iOS 6 launch could boost App Store revenues to $5 billion

Filed Under
, , , ,
Press Releases
Featured Jobs
Sponsored Links