Apple reports that the upcoming Apple iPhone 2.1 firmware update in September will include a fix that could allow for disclosure of personal information when the device is locked. “The minor iPhone security issue which surfaced this week is fixed in a software update which will be released in September,” Apple spokesperson Jennifer Bowcock said in a statement.
Apple also admitted the flaw affects users of the iPod touch as well. As first discovered by Apple enthusiast sites including MacRumors, even when an iPhone is password-protected, anyone can gain access to the Favorites page by pressing the emergency call button, followed by two presses of the home screen button.
Unlike the “Favorites” page in a Web browser, the iPhone’s favorites page is like a “quick links” page that links to personal contacts and their phone numbers, e-mails, URLs, and text messages. They may not necessarily give away the ID of the iPhone’s owner to a thief, unless some of that information is embedded in a text message to a friend. And tapping on one those favorites could launch the browser, e-mail, or SMS applications — in which case, a thief could impersonate the iPhone’s owner.
Officials say that anyone concerned with the possible security hole can set the ‘double click’ button to just take the user to the Home screen. This simply takes the device back to the unlock screen is password protection is turned on.