We recently reported on a flaw in iOS that would allow someone to bypass the iOS lockscreen by using Siri. Well, Siri’s off the hook this time. The new vulnerability, disclosed yesterday by Benjamin Kunz Mejri of Vulnerability Lab, involves breaking iOS’s Activation Lock feature, which you’d use if your iPhone or iPad were marked as lost via the “Find my iPhone” app.
The idea behind Activation Lock is that if someone steals your iPhone or iPad, or if you just misplace it, you can remotely lock out your lost device so no one else can try to use it, turn off “Find My iPhone,” or erase the device completely. Unfortunately this bug renders that safety protocol pretty much useless.
