The exploit gives an attacker full access to a user’s photo library, which means that they can then tweet and email photos saved on the device without needing a passcode. That means that an attacker could tweet or email whatever content they wanted. While this attack doesn’t seem to indicate a massive security problem, letting an attacker have free reign over posting messages to your Twitter account or sending out emails is still a problem.
Here’s how it works:
I’ve confirmed that the exploit works on both my iPhone 4S and my 4th-generation iPad. Judging by other reports, it looks like it affects all devices running iOS 7.
Apple has told Forbes that it’s working on a fix that will be pushed out in an upcoming software update.
The good news is that until Apple updates iOS 7, there’s an easy fix for the attack that you should probably set up anyway. Since the attack relies on Control Center being available on your lock screen, you can go into settings, Control Center, and toggle “Access on Lock Screen” off.
For more tips about how to get the most out of your iOS 7 install, check these out.
Blair Hanley Frank is a technology journalist based in the San Francisco Bay Area. He has also worked for Macworld, PCWorld and TechHive. He can be found on Twitter @belril.