A security researcher named Benjamin Kunz Mejri posted evidence of a new security flaw in the iPhone 5 and 6 and the iPad 2 running iOS 8.2 and later on Thursday. The flaw enables an attacker to easily bypass the lock screen of the Apple device by taking advantage of a runtime error.
Apparently, Mejri had discovered this bug back in October last year. The security researcher added that he had notified the Cupertino company’s security team on the 22nd of that month. It is not yet clear why the flaw was publicly disclosed only now, though.
The vulnerability is located in the iPad 2 & iPhone 5 & 6 hardware configuration with iOS v8.2 – v9.2 when processing an update which results in an interface loop by the application slides. A local attacker can trick the iOS device into a mode where a runtime issue with an unlimited loop occurs. This finally results in a temporary deactivation of the pass code lock screen. By loading the loop with remote app interaction we were able to reliably bypass the authentication of an iPhone after the reactivation via the shutdown button. The settings of the device were permanently requesting the pass code lock on interaction. Normally the pass code lock is activated during the shutdown button interaction.
In case of the loop the request shuts the display down but does not activate the pass code lock, as demonstrated in the attached PoC security video. In case of exploitation the attack could be performed time-based by a manipulated iOS application or by physical device access and interaction with a restricted system user account. In earlier cases of exploitation these types of loops were able to be used as a jailbreak against iOS. The vulnerability can be exploited in non-jailbroken unlocked Apple iPhone mobiles.
The flaw has been rated as ‘high’ on the vulnerability scale and, according to Apple’s most recent figures, it affects many tens of millions of users.
It is not yet clear whether this flaw affects any other devices, and Apple has not yet commented on the problem or its solution. We’ll keep you updated on any further developments on this issue.