Groundhog day —

One day after iOS 6.1.3, a new iPhone lock screen bug emerges

The old iPhone lock screen bug was fixed, making room for a brand new one.

Just a day after Apple released iOS 6.1.3, a new lock screen bug has been discovered that could give an attacker access to private information. The vulnerability is different from the passcode bug(s) addressed by Tuesday's iOS update, but the end result is similar: access to iPhone's contact list and photos.

The new lock screen bug was first documented by YouTube user videosdebarraquito, who posted a video demoing the procedure. The basic gist, seen in the video below, is to eject the iPhone's SIM card while using the built-in voice controls to make a phone call.

Bypassing the iPhone passcode lock on iOS 6.1.3.

There are a couple important things to keep in mind, though. For one, it seems like this bug applies to most modern iPhones, though apparently the procedure isn't as easy as it looks. The YouTube video above shows the hack being executed on an iPhone 4, and iphoneincanada was able to replicate it on an iPhone 4. TheNextWeb was able to replicate it on an iPhone 4S but not an iPhone 5. But the iPhone 5 didn't get away scot free, as German language site iPhoneblog.de appears to have been able to replicate the bug on that version of the phone. We have not yet seen a confirmed case of the bug existing on the iPhone 3GS, though it's probably safe to assume that it does.

The bug doesn't look to be related to Siri—rather, it's related to Apple's older Voice Control feature. If you have Siri turned on for lock screen functionality (which can be found in Settings > General > Passcode lock), the above procedure doesn't appear to work—so far, that is. Apple has not yet responded to our request for comment, but we'll update if we hear back.

Channel Ars Technica