Apple has acknowledged a newly-discovered security flaw in the iPhone and is promising to offer a fix with next month's release of iOS 4.2.
The new flaw allows someone to access the phone dialer on a locked iPhone by punching a certain sequence of buttons, thereby giving them the ability to make phone calls, send e-mails, and access the address book. Confirmed by Wired Magazine, the Boy Genius Report, and other online sources, the flaw was reportedly first discovered and posted by a user on the MacRumors online forum on October 22.
Bypassing the lock requires someone to tap the Emergency Call button, enter a non-emergency number such as ###, tap the call button, and then hit the lock button. Though the forum user said he was using a jailbroken iPhone, other users with non-jailbroken phones quickly chimed in to report the same bug.
On its end, Apple is eyeing a fix for the flaw. In response to a query from CNET, an Apple spokeswoman e-mailed the following statement:
"We're aware of this issue and we will deliver a fix to customers as part of thein November."
This latest vulnerability mimics aon the iPhone's OS that let someone tap a series of buttons to sneak past the passcode security. At the time, iPhone cracker and forensics specialist Jonathan Zdziarski also , which he claimed was relatively easy to hack. Zdziarski offered the simplest bit of advice: don't allow physical access to your iPhone.