Apple has today released iOS 6.1.3 for the iPhone (3GS and later), iPad (2nd generation and later) and iPod Touch (4th generation and later) devices. The code lock bypass which uses the emergency call function is only applicable to the iPhone 5 running iOS 6.1 (see bootnote), has now been fixed in this release. Bypassing the passcode lock screen using the emergency call function isn’t new and various discoveries were found on previous iOS versions i.e. 4.1.
The iOS 6.1.3 firmware update (most at the kernel level) will stop a local user from being able to execute unsigned code on the ARM chipset. Other fixes included locking down a local user in having the ability to change permissions on arbitrary files. Then there was a USB issue whereby again a local user could execute arbitrary code in the kernel, which have been fixed by performing some additional validation of the pipe object pointers.
Update March 25th: iOS 6.1.3 has the same security flaw but easier than above – check out this YouTube video. If you are using this version you should disable Voice Dial on your iPhone 5.
Lastly, a user could visit a malicious website which could have lead to an unexpected app termination or arbitrary code execution, which was fixed by improving type checking.
For further information: http://support.apple.com/kb/HT5704
This firmware update is currently only available vi Wi-Fi and not via mobile networks. The iPhone update is 18.2 MB and iPod Touch 17.7 MB.
If you don’t see this update, here is another way:
Go to – Settings > General > Software Update > Download and Install
Safe surfing folks!
Bootnote: This flaw could have also affected the iPad and iPod Touch although it has not been proved publicly.