Apple says it is “aware” of a security weakness that allows anyone to bypass iPhone 3G and iPhone 4 PIN codes with a few button presses and will fix it in a software update next month.
“We’re aware of this issue and we will deliver a fix to customers as part of the iOS 4.2 software update in November,” Apple Australia said in a statement provided early this morning.
Yesterday this website reported a security flaw that allows anyone to bypass the iPhone 3G and iPhone 4 PIN code by pressing a couple of on-screen buttons followed by pressing one of the iPhone’s two main physical buttons.
The bypass doesn’t allow full access to the smartphone but does allow one to browse its photo gallery, send an MMS message, make phone calls, see all of the iPhone’s contacts, send a contact card via email and play music using the iPhone’s voice control function.
Both iPhones tested were running the latest software. The iPhone 3GS doesn’t appear to be affected. After publication, further testing with the iPhone 3GS did allow for this website to bypass its PIN. Rapid execution of a certain button press instead of a delayed press was key to bypassing its security.
Due to legal reasons this website cannot describe the method used to bypass the PIN but many websites have described it.
In October, a daylight saving time bug caused some Australians to have their iPhone alarm clock wake them up either one hour early or one hour late. Apple said it would fix that bug in “an upcoming update”.