A new lock screen passcode bypass flaw has been discovered that affects iPhone 5, iPhone 6 and iPad 2 running iOS 8.2 or higher. Discovered by a security researcher, the flaw allows attackers to bypass the lock screen even if it’s secured with a passcode. It’s unclear if this “high-rated” flaw affects other iOS devices and those running much newer versions of iOS.
This isn’t exactly a new discovery, since similar flaws have been found in previous versions of iOS; however, Apple is usually quick to fix them by way of an over-the-air firmware update.
Benjamin Kunz Mejri is the security researcher who discovered the flaw, and he has even posted a proof-of-concept video on Facebook to show that it really works. An attacker needs to have physical access to the device and can then perform a time-based attack to bypass the passcode.
Mejri explains that attackers can use this exploit to gain access by tricking the device into a mode where a runtime issue with an unlimited loop occurs. Ultimately, this results in the passcode on the lock screen being deactivated.
The researcher says that he notified Apple’s security team about this exploit on October 22nd, 2015, so it’s not exactly clear why he’s publicly disclosing it now. Apple has not yet commented on this.