This flaw isn’t exactly a new discovery since similar flaws have been discovered in previous versions of iOS; however, Apple is usually quick to fix them by way of an over-the-air firmware update. Apple’s most recent figures show that the vast majority of iPhone and iPad users are running an affected version of the software, accounting to many tens of millions of users.
Security researcher, Benjamin Kunz Mejri who discovered the flaw posted a proof-of-concept video on Facebook of the attack taking place. To perform a time-based attack to bypass the passcode, an attacker needs to have physical access to the device. Mejri said that a “local attacker can trick the iOS device into a mode where a runtime issue with unlimited loop occurs. This finally results in a temporarily deactivation of the passcode lock screen.” The researcher says that he informed Apple’s security team about this exploit on October 22nd 2015. It’s not exactly clear why the flaw was publicly disclosed now. Apple has still not released a fix, which leaves your iPhones vulnerable. It is possible that the bug could be patched by Apple in the upcoming iOS 9.3. Apple has not yet commented on this.
