U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

New iOS 7 bug allows anyone to disable Find My iPhone feature

A new iOS 7 bug allows anyone to disable Find My iPhone feature and to bypass Activation Lock without user’s Apple credentials. HAckers can bypass Find My iPhone feature, a new bug menaces the security of Apple iPhone users, a flaw recently discovered in iOS 7.1 allows thieves to disable Find My iPhone feature, remove iCloud […]

New iOS 7 bug allows anyone to disable Find My iPhone feature

A new iOS 7 bug allows anyone to disable Find My iPhone feature and to bypass Activation Lock without user’s Apple credentials.

HAckers can bypass Find My iPhone feature, a new bug menaces the security of Apple iPhone users, a flaw recently discovered in iOS 7.1 allows thieves to disable Find My iPhone feature, remove iCloud and restore the mobile device without knowledge of the user’s Apple ID password.

A proof of concept was posted by 9to5mac.com, the video shows an iPhone that is hacked touching both the “Delete Account” icon and the toggle button, this sequence allows to disable Find My iPhone in the iCloud settings.  

 

When Apple presented its new feature called Activation Lock it announced that it will make it very hard for bad guys to prep it for resale, while the top lawyers from New York and San Francisco have sounded off on this new feature, describing  it as “an important first step towards ending the global epidemic of smartphone theft.”

Find my iPhone

Any possible abuse requires a user’s password as described by Apple

  • “Turning off Find My iPhone, erasing your device, reactivation, and signing out of iCloud requires your Apple ID password”
  • “A custom message can be displayed on your device even after a remote erase”

The new bug change the scenario, since Activation Lock requires Find My iPhone to be enabled, this feature won’t come online after a restore operation made by thieves. The consequences are serious in term of security for the users, a thief in fact can disable the Find My iPhone feature, remove iCloud, and restore the handset without having to provide the Apple ID credentials fro your iOS device.

Be aware, because to exploit the flaw in the iOS system the thief have to find the mobile unlocked, this is necessary to access the Settings app in the iPhone.  It is so important to avoid leaving unattended and unlocked the device, so activate the passcode lock or enable Touch ID feature.

Let’s wait for a prompt resolution of the bug.

Pierluigi Paganini

(Security Affairs –  iPhone, Find My iPhone )