MUST READ

SonicWall investigates possible zero-day amid Akira ransomware surge

 | 

Chaining NVIDIA's Triton Server flaws exposes AI systems to remote takeover

 | 

Hacking group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer

 | 

Northwest Radiologists data breach hits 350,000 in Washington

 | 

PlayPraetor Android RAT expands rapidly across Spanish and French-speaking regions

 | 

Lovense flaws expose emails and allow account takeover

 | 

Nation-state group CL-STA-0969 targeted Southeast Asian telecoms in 2024

 | 

Akira Ransomware targets SonicWall VPNs in likely zero-day attacks

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 56

 | 

Security Affairs newsletter Round 535 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

New Linux backdoor Plague bypasses auth via malicious PAM module

 | 

China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions

 | 

Malicious AI-generated npm package hits Solana users

 | 

Meta Offers $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits

 | 

ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

 | 

CISA released Thorium platform to support malware and forensic analysis

 | 

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

 | 

Dahua Camera flaws allow remote hacking. Update firmware now

 | 

Researchers released a decryptor for the FunkSec ransomware

 | 

Apple fixed a zero-day exploited in attacks against Google Chrome users

 | 

A second iOS 7 Lockscreen vulnerability concerns Apple users

Pierluigi Paganini September 22, 2013

A second iOS 7 Lockscreen vulnerability has been found a few days the first one was fixed by Apple. This time attackers can makes call from a locked iPhone.

A new iOS 7 Lockscreen vulnerability has been discovered, the flow allows attackers with physical access to the phone to make calls, including international calls and calls to premium numbers, from a locked iPhone.

The discovery arrived just a few days after that a previous iOS 7 lockscreen vulnerability has been fixed by Apple,  the previous flaw alerted Apple community because it allows anyone to bypass the lock screen to access users’ personal data including images and social media account.

The new  iOS 7 Lockscreen vulnerability was discovered by Karam Daoud, a 27 year old from the West Bank city of Ramallah in Palestine. The flaw allows attackers. Daoud reported the bug to Apple that announced a fix in the next software update.

The Hacker News portal reported a video in which Karam Daoud shows how to exploit the iOS 7 Lockscreen vulnerability to make calls when the devices is locked and allows only emergency calls.

iOS 7 Lockscreen vulnerability

The video is eloquent, the attacker just needs to dial a number and then rapidly tap the call button until the device proposes a black screen with an Apple logo in the center  while the iPhone makes the call to the number dialed.
This is the second iOS 7 Lockscreen vulnerability discovered in a few days and for Apple users accustomed to the high quality of their product it is a surprise. Personally I’m very puzzled by bag just found, it practically seems that lockscreen feature simply hasn’t stressed enough before the release of the product. I also add that on various forums and newspapers many users are submitting numerous bugs that affect the new version of the popular OS … Fortunately Apple is very careful with the security of its customer and will fix all asap.

Pierluigi Paganini

(Security Affairs –  Apple, iOS 7 Lockscreen vulnerability, hacking)  

Apple Hacking iOS 7 iPhone mobile privacy security

you might also like

Pierluigi Paganini August 05, 2025
SonicWall investigates possible zero-day amid Akira ransomware surge
Read more
Pierluigi Paganini August 05, 2025
Chaining NVIDIA's Triton Server flaws exposes AI systems to remote takeover
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SonicWall investigates possible zero-day amid Akira ransomware surge

Security / August 05, 2025

Chaining NVIDIA's Triton Server flaws exposes AI systems to remote takeover

Security / August 05, 2025

Hacking group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer

Cyber Crime / August 04, 2025

Northwest Radiologists data breach hits 350,000 in Washington

Data Breach / August 04, 2025

PlayPraetor Android RAT expands rapidly across Spanish and French-speaking regions

Malware / August 04, 2025