Apple iOS pass code authentication vulnerability discovered by Vulnerability Lab

The guys at Vulnerability Lab have found an Apple iOS vulnerability which allows them to bypass Apple iOS products which run on v8.x and v9.x.

Vulnerability Lab has published the advisory information, and in that piece they explain that the vulnerability is located in the iPad 2 & iPhone 5 and 6 hardware configuration with iOS v8.x and v9.x;

Apple iOS vulnerability

The vulnerability is located in the iPad 2 & iPhone 5 & 6 hardware configuration with iOS v8.2 – v9.2 when processing an update which results in a interface

loop by the application slides. Local attacker can trick the iOS device into a mode were a runtime issue with unlimited loop occurs. This finally results in a temporarily deactivate of the pass code lock screen.

They continue to explain that;

By loading the loop with remote app interaction we was able to stable bypass the auth of an iphone after the reactivation via shutdown button. The settings of the device was permanently requesting the pass code lock on interaction. Normally the pass code lock is being activated during the shutdown button interaction. In case of the loop the request shuts the display down but does not activate the pass code lock.

Vulnerability Lab also explains that the exploit is found on non-jailbroken Apple iPhone mobiles.

Proof of Concept (PoC):

1. First fill up about some % of the free memory in the iOS device with random data

2. Now, you open the app-store choose to update all applications (update all push button)

3. Switch fast via home button to the slide index and perform iOS update at the same time Note: The interaction to switch needs to be performed very fast to successfully exploit. In