The iPhone 2.0.2 security flaw — and its temporary fix

A security flaw in the new iPhone 2.0.2 software was uncovered last night by a MacRumors forum user. The flaw is exposed only when the iPhone is passcode protected. When you turn on the phone and get to the “Enter Passcode” screen, hit the “Emergency Call” button. From here, double-click the main iPhone button and you’ll be taken to your phone’s “Favorites” menu. This should not happen.

The problem is that from this menu I can make calls to or text message anyone on the favorites list. You can also see all of their contact information. If they have hyperlinks in their Info area, you will also be able to browse the web. If they have an email address, you will be able to email them. All of this can be done without entering the password for your iPhone. Obviously, that’s a big problem.

Expect Apple to have a fix for this soon. Until then, Cult of Mac points out an easy temporary fix. Go to your phone’s Settings, click on the General button, and select “Home Button.” Here, change the default action for double-clicking the home button to “Home” instead of “Phone Favorites.”

[photo: flickr/flomiscuous.com]

About the Author, MG Siegler

MG Siegler writes about technology trends and new media for VentureBeat, with a focus on mobile topics, social elements and key news stories. Before that, MG wrote about technology on his blog, ParisLemon. Originally from Ohio, MG attended the University of Michigan where he studied film. He's previously lived in Los Angeles where he worked in Hollywood and in San Diego where he did web development. He now lives in San Francisco.