Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: iOS 9.2.1 Siri Lock screen bug returns? - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
iOS 9.2.1 Siri Lock screen bug returns?
Hi,

I can't find any reference on the web right now but has anyone else noticed that the bug Apple fixed in 9.0.2 that stopped the trick where an attacker enters a lock screen code incorrectly 4 times and on the 5th attempt fires up Siri and then manages to jump into Contacts and Photos is back again?

I have just done it on a couple of different 9.2.1 devices. I can't repeat it on a 9.0.2 device. It is identical. There are various videos out there showing how to get the timing right to pull this off. I could easily be making a mistake here so apologies if I'm wasting anyones time. I have searched and searched for any news on this but nothing.

If it really has returned I find the link between 9.0.1 (where the bug first surfaced) and 9.2.1 worth looking at. At the time 9.0.2 was being released to fix this a Beta of 9.2.1 was being released with the bug in tact. Obviously this should have been removed from the final release..... that's the idea of testing but..

Cheers
Julian
Jubs

1 Posts
I guess you're referring to this:
http://www.securityfocus.com/archive/1/537708
Anonymous

-

Sign Up for Free or Log In to start participating in the conversation!