CVE-2010-1754
Description
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Passcode Lock in iOS before 4 mishandles alert-based unlocks with Remote Lock, letting local attackers bypass the passcode on iPhone and iPod touch.
Vulnerability
CVE-2010-1754 affects Passcode Lock in Apple iOS versions before 4 on iPhone and iPod touch. The bug lies in how the system handles alert-based unlocks (e.g., incoming call or notification dialogs) in conjunction with subsequent Remote Lock operations triggered through MobileMe. When a device is unlocked via an alert and then a Remote Lock command is sent, the passcode requirement may be bypassed. Affected versions include iOS 2.0 through 3.1.3 on iPhone 3G and later, and iPod touch (2nd generation and later) [1].
Exploitation
An attacker must have physical proximity to the device and be able to interact with the locked screen. The exact sequence involves triggering an alert that allows temporary access (such as answering a call or replying to a message) and then having a Remote Lock command issued via MobileMe. The combination of these events results in the device being unlocked without requiring the passcode. The attack likely requires timing or specific user interaction, though the precise vectors are unspecified in the advisory [1].
Impact
A physically proximate attacker can bypass the device's passcode lock, gaining unauthorized access to the user's data, applications, and settings on a locked iPhone or iPod touch. This compromises the confidentiality and integrity of personal information, potentially exposing contacts, messages, emails, and other sensitive content stored on the device. The attacker does not gain elevated privileges but rather direct access at the user's privilege level.
Mitigation
Apple addressed this issue in iOS 4, released on June 21, 2010. Users are advised to update their devices to iOS 4 or later via iTunes. There is no known workaround for older versions; upgrading is the only mitigation. The vulnerability is not listed on CISA's KEV as of the publication date [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <4
Patches
No patches discovered yet.
References
- lists.apple.com/archives/security-announce/2010/Jun/msg00003.html (nvd: Mailing List, Vendor Advisory)
- support.apple.com/kb/HT4225 (nvd: Vendor Advisory)
- www.securityfocus.com/bid/41016 (nvd: Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/59633 (nvd: Third Party Advisory, VDB Entry)