While there is an a debate around the security or insecurity of the iPhone 5s' fingerprint reader, Apple has confirmed a vulnerability of the iphone's old-fashioned lock screen that leaves users' e-mail, photos, Twitter, and other apps open to being used without permission.
The bug was discovered by 36-year-old Jose Rodriguez, who lives on the Canary Islands off the coast of Spain and was first reported by Andy Greenberg over Forbes
. It is is very simple to exploit - swipe up from the lock screen to access the new Control Center, then open the alarm clock app. Hold the phone's sleep button, but instead of swiping to power down the phone, tap cancel and double-tap the home button to access the multitasking screen. From there, you can jump to the camera and share stored photos, which gives you access to the user's communication accounts such as e-mail, Flickr, Facebook, Twitter, and others.
The exploit has been tested successfully on iOS 7 when running on the iPhone 4S, 5, 5C, and 5S, and the most recent iPad model.
Apple spokeswoman Trudy Muller said that the company was preparing a fix that it would deliver as an update to iOS 7 when it was ready.
But for now, if you already own an iPhone 5s or an iPhone 5c, you may be interested in downloading the iOS 7.0.1 update
released on Friday, which contains "bug fixes and improvements." It is available via iTunes and wirelessly. According to users who have downloaded and installed it onto their new iPhones, the update patches a bug that prevented users from using the fingerprint scanner on the iPhone 5s to authenticate iTunes purchases, forcing them instead to go back to tapping in a passcode.
Meanwhile, a contest to crack the iPhone 5s' fingerprint scanner in in progress.
A micro venture capital firm joined a group of security researchers to offer more than $13,000 in cash along with other goodies to the first hacker who breaks the device in a contest promoted on the website istouchidhackedyet.com/.
Data used for verification is encrypted and stored in a secure enclave of the phone's A7 processor chip. No information is sent to any remote servers, including Apple's iCloud system.
It's common bugs disclosed by "white hats" to be patched by manufacturers, preventing criminal exploitation.