Recently, a bug was discovered in Apple iOS operating system that lets attacker disable Find my iPhone, considering it’s not protected by a passcode lock or Touch ID, and there’s no way for the owner to locate it using iCloud.com.
The bug was discovered by Bradley Williams, who showed it off as well, and requires users to make a few simple changes to the iCloud settings, even if they don’t know the password.
Apple’s Find My iPhone give users to locate, make sound and wipe out their lost or stolen device using iCloud’s interface, and is a pretty handy application. This vulnerability could put the devices at risk, and users will not be able to locate their device if they are not using any passcode.
The folks at Macrumors tried to see if the bug exists and check it on a device running iOS 7.0.4. It worked, but when tried on a device running the iOS 7.1 beta, it failed so it seems Apple fixed it in one of the betas.
This means the flaw will be fixed in the next update, that is, iOS 7.1 which is expected to hit the devices in March. In the meantime, it’s recommended to put a passcode on your device or use Touch ID if you’re in possession of an iPhone 5S. Stay safe.
Source: Mac Rumors