A vulnerability in iOS 4.1 allows anyone to bypass an iPhone’s security passcode.
The flaw was inadvertently discovered by “jordan321” and reported on the Macrumors forums.
“When you iPhone is locked with a passcode tap Emergency Call, then enter a non-emergency number such as ###. Next tap the call button and immediately hit the lock button. It should open up the Phone app where you can see all your contacts, call any number, etc.”
He says that his phone is jailbroken, buts subsequent comments confirm that the flaw is also present on phones that haven’t been hacked.
Daring Fireball blogger John Gruber says that while he can reproduce the flaw in iOS 4.1, he cannot running the latest beta of iOS 4.2, suggesting that Apple has been aware of the problem and acted accordingly.
iOS 4.2 is due to be released in November.
