Apple recently released iOS 6.1.3, which included a fix for the passcode bypass bug that allowed an unauthorized person to access the Phone app on a locked iPhone. However, one day after the update, a new bypass bug has been reported.
Whereas previous iOS 6 versions required a series of well-timed taps and button presses to gain full access to the Phone app on a locked device without entering the passcode, the new bypass uses a sequence that is a little easier to carry out, though it is much harder to accomplish on newer, Siri-capable devices.
Holding the Home button on a device for a few seconds brings up the Voice Dial feature, through which the bypass can be achieved. Here's what the process looks like: you issue a dial command such as "Dial 303-555-1212", then, as the call is being started, remove the SIM card. The iPhone detects that the SIM has been ejected, cancels the call, and shows an alert saying there is no SIM. Behind the alert you will see the Phone app, and after ignoring the alert, you will have full access to the Phone app. This gives access to contact information as well as all photos on the device.
Though it does not seem to be as easily reproducible on the iPhone 4S and 5, there are reports of this bypass being performed on these devices as well. However, it requires Siri to be disabled and Voice Dial to be enabled.
Although the vulnerability poses a serious threat, this bypass can easily be prevented by disabling Voice Dial: in the Settings app, go to General > Passcode Lock and turn the Voice Dial switch off.