Ios9.0.2

Apple releases iOS 9.0.2 | Security UPDATE

iOS 9.0.2 Lock Screen Security Update

9.0.2 update

Available for:

iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact:

A person with physical access to an iOS device may be able to access photos and contacts from the lock screen

Description:

A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.

  • CVE-ID
  • CVE-2015-5923

 

9.0.2 ipad

Documented:

As reported last week, 9.0.1 was released before a lock screen vulnerability could be addressed.

  • 9.0.1 was issued over-the-air as an intended bug fix installment squelching wifi connection bugs, as well as squaring away some issues with photos, Safari and Alarms.
  • Last Friday, a report of a lockscreen bypass using a button combo that invokes Siri using the long press gesture on the home button while entering the last 2 keys of a 4 digit pin…
  • I haven’t been able to reproduce the bypass on a 6 key lockscreen passcode. Keep this in mind: I have witnessed some of the media used in reporting this exploit are doing so using a video that shows someone performing the technique on an iPhone with TouchID enabled…obviously using the biometric sensor the way it is supposed to used.
  • The 4 key lockscreen bypass allows access to contacts and photos.

iOS 9.0.1 lockscreen vulnerability

Advertisements
%d bloggers like this: