There’s a bug in Apple’s iOS 5 that would allow anyone to look into your photos without using a password — users would only have to click on the camera button on your iPhone to access all the images.
Consultant Ade Barkah has discovered that Apple sets the security of the images stored in your phone based only on the date. If a photo was taken in a date prior to the actual date on the phone, the photo will not be visible. But if you set the date back in time, any photo taken from that date will be accessible even if the phone is locked.
Fortunately, this is something that most users will not experience. Nobody goes around setting the date back in time. The most important thing, however, is that using date is a crap way to set up security of your images:
The point to all this is that Apple should not rely on a simple timestamp to restrict image access. Changing the iPhone’s clock — forwards or backwards — should notaffect its security. We can’t guarantee the clock will always monotonically more forward, and when it doesn’t, the system should fail-secure.
Yes, that’s crap indeed. Apple should know better. [Peekay via Zdnet]