Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Apple iOS v6.1 (10B143) - Code Lock Bypass Vulnerability #2
From: Vulnerability Lab <research () vulnerability-lab com>
Date: Wed, 20 Feb 2013 02:58:12 +0100

Hey Kirils Solovjovs,
the secound issue is different to the once reported some days ago to
heise online.
The heise online issue (reported by another person) for example allows
with pressed button (only) to handle some of the functions like calls,
voicemail, contacts like you see in the video.

The secound issue allows you to bypass the code lock by using the
screenshot function which results in a blackscreen with the blue
standard template status bar. Attackers do not need to hold any button
or call
the emergency itself to bypass the login.

So why should i report an issue of another researcher? The combo to use
it and the reproduce is totally different.  I do not know him and
decided to drop my bug also after waiting 4 month. His issue was
reported 1 year ago and i like + respect it. Thats all. ;) After
Jerookie flamed around we also droped a message on twitter to make sure
both issues are different. It is the same bullshit he did when we
released the skype bug and msrc confirmed we have a seperate one. Thats
all ~bye

CONTACT: research () vulnerability-lab com

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]