[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Apple iOS v6.1 (10B143) - Code Lock Bypass Vulnerability #2
From:       Vulnerability Lab <research () vulnerability-lab ! com>
Date:       2013-02-20 1:58:12
Message-ID: 51242DB4.7030407 () vulnerability-lab ! com
[Download RAW message or body]

Hey Kirils Solovjovs,
the secound issue is different to the once reported some days ago to
heise online.
The heise online issue (reported by another person) for example allows
with pressed button (only) to handle some of the functions like calls,
voicemail, contacts like you see in the video.

The secound issue allows you to bypass the code lock by using the
screenshot function which results in a blackscreen with the blue
standard template status bar. Attackers do not need to hold any button
or call
the emergency itself to bypass the login.

So why should i report an issue of another researcher? The combo to use
it and the reproduce is totally different.  I do not know him and
decided to drop my bug also after waiting 4 month. His issue was
reported 1 year ago and i like + respect it. Thats all. ;) After
Jerookie flamed around we also droped a message on twitter to make sure
both issues are different. It is the same bullshit he did when we
released the skype bug and msrc confirmed we have a seperate one. Thats
all ~bye

-- 
VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: research@vulnerability-lab.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]