Pierluigi Paganini September 22, 2013

A second iOS 7 Lockscreen vulnerability has been found a few days the first one was fixed by Apple. This time attackers can makes call from a locked iPhone.

A new iOS 7 Lockscreen vulnerability has been discovered, the flow allows attackers with physical access to the phone to make calls, including international calls and calls to premium numbers, from a locked iPhone.

The discovery arrived just a few days after that a previous iOS 7 lockscreen vulnerability has been fixed by Apple,  the previous flaw alerted Apple community because it allows anyone to bypass the lock screen to access users’ personal data including images and social media account.

The new  iOS 7 Lockscreen vulnerability was discovered by Karam Daoud, a 27 year old from the West Bank city of Ramallah in Palestine. The flaw allows attackers. Daoud reported the bug to Apple that announced a fix in the next software update.

The Hacker News portal reported a video in which Karam Daoud shows how to exploit the iOS 7 Lockscreen vulnerability to make calls when the devices is locked and allows only emergency calls.