A member of
the Mac Rumors forums has uncovered a major flaw that allows malicious users
to gain access to certain passcode-protected iPhones. The forum member has
helpfully detailed the steps needed to reproduce the issue, too:
Set iPhone to use passcode lock, have contacts marked as Favorites with links, phone numbers, addresses, etc in address book entry.
Tap "Emergency Call" keypad from passcode entry screen.
Double-tap home button.
Tap blue arrow next to contact's name. You now have full access to applications such as Safari, complete Contacts list, SMS, Maps, "full" Phone access, and Mail by accessing various entries on the Favorite's page, i.e. tapping their home page brings up a full, unrestricted Safari.
Reuters contacted an Apple spokeswoman for more information, and she revealed that
Apple knows about the issue and is working on a fix. Until that fix comes out,
she says users can circumvent the flaw by configuring their iPhones so the
'Home' button opens up the music collection rather than the "Favorites" menu.