iOS 5.0.1 Security Bug Permits Anyone To Address Book Access Even If Protected By A Passcode

The recent Security Bug issue in iOS 5.0.1, that Path appliaction is liberating whole address books along with data and uploading it to their servers in the form of a plist file without the user’s permission. In this panic situation the company CEO David Morin immediately took reaction claiming the name, telephone numbers and email addresses of the user’s address book are taken to help users so that they can find friends and family who are using the Path application, the important point is that the contacts data not really belong to the users so, they don’t need permission and request to upload it.

This situation is took over by Path 2.0.6 released in the App Store. Path 2.0.6 gives an option-in policy for users. But even by the use of Path the new alert doesn’t exactly make it clear what the user trying  to opt in. But i hope at the developers end, infrastructure research and security blog this issue will be no longer linger on, may be thats why Peekay, has released information about users bypass security measures on an iPhone 4S, 4 and 3GS, leaking few information about user’s address book.

Now to get out of this issue for the users of iPhone 4 running a stock version of iOS 5.0.1 or even the iPhone 4S or 3GS, the developers of the blog could set up a security passcode requirement through Settings, and ensuring ‘Voice Dial’ was toggled off meaning the iPhone could not be ordered to place a phone call using the Voice Control function of the iPhone 4.

The iPhone 4users wich do not have siri functionalites can activate the Voice Control function by pressing and holding the Home button. Then the ‘Call Alice‘ with ‘Voice dialing is disabled‘. In the process of unlocking the iPhone, the standard passcode screen is dispalyed allowing users to put in their pin code for full device access. If ‘Emergency Calls’ are selected then activating voice control with a long Home button press, the command will be needed again of ‘Call Alice’ for which the phone replied with ‘No Match Found‘.

“No Match Found” shows only little information regarding the address book, which confirms the user have not a contact stored by that name. These security checks are further tested by various experiments and hence the locked and passcode protected device obligingly places the phone call to ‘Wayland Chan‘ doing circumvents all security restrictions on the phone.

The “Voice Control” has enlightened the issue further when told to call a contact which it exposes has more than one saved number for. The ‘Facetime Lisa Klein‘ command make it possible to initiate and complete a fully functioning, live video call from the device which was locked, passcode protected and explicitly had voice dialing disabled. Such an information is a magic for the recent Path helping Apple in some issues to address in iOS 5.1.

Incoming search terms:

• airblue sharing 0 9 21 ios 5 0 1
• iFaith-v1 4 3