Impact
Due to incorrect usage of time-related APIs, it is possible to bypass the Auto-Lock functionality in Lockwise iOS by changing the system clock to a time in the past. This causes Lockwise iOS to think that the Auto-Lock timer has not yet expired and as a result the application will unlock without asking the user to authenticate themselves.
This requires access to an unlocked iOS device.
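The bug class described above, as an added Swift example that is not Lockwise source code: an Auto-Lock check that measures elapsed time with the wall clock still reports "not expired" after the system clock is set back, while a check based on a monotonic clock does not. All type and property names are hypothetical, and the use of `CLOCK_MONOTONIC_RAW` is an assumption about one way to avoid the problem, not a description of the 1.8.0 patch.

```swift
import Foundation
// Added example with hypothetical names; not Lockwise source code.
protocol TimeSource {
    var wallClock: Date { get }          // user-adjustable system date and time
    var monotonicSeconds: Double { get } // unaffected by changes to the system clock
}

// Real device clocks. CLOCK_MONOTONIC_RAW keeps counting while the device sleeps.
struct DeviceTime: TimeSource {
    var wallClock: Date { Date() }
    var monotonicSeconds: Double { Double(clock_gettime_nsec_np(CLOCK_MONOTONIC_RAW)) / 1e9 }
}

// Constructed test double so the clock change can be simulated offline.
final class FakeTime: TimeSource {
    var wallClock = Date(timeIntervalSince1970: 1_600_000_000)
    var monotonicSeconds = 5_000.0
    func advance(_ seconds: Double) { wallClock += seconds; monotonicSeconds += seconds }
}

struct AutoLock {
    let timeout: TimeInterval
    let time: TimeSource
    private let backgroundedWall: Date
    private let backgroundedMono: Double
    // Call when the app goes to the background: records both timestamps.
    init(timeout: TimeInterval, time: TimeSource) {
        self.timeout = timeout
        self.time = time
        backgroundedWall = time.wallClock
        backgroundedMono = time.monotonicSeconds
    }
    // Weak: a wall clock moved into the past yields a small or negative interval.
    var expiredByWallClock: Bool {
        time.wallClock.timeIntervalSince(backgroundedWall) >= timeout
    }
    // Hardened: monotonic elapsed time; a negative value (e.g. reboot) fails closed.
    var expiredByMonotonic: Bool {
        let elapsed = time.monotonicSeconds - backgroundedMono
        return elapsed < 0 || elapsed >= timeout
    }
}

let clock = FakeTime()
let lock = AutoLock(timeout: 300, time: clock) // app backgrounded, 5 minute timeout
clock.advance(600)                              // 10 minutes really pass
clock.wallClock -= 3600                         // system clock set back one hour
print("wall-clock check requires auth:", lock.expiredByWallClock)
print("monotonic check requires auth: ", lock.expiredByMonotonic)
```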
Patches
The issue has been patched in Lockwise iOS 1.8.0, which is available through the App Store.
Workarounds
No workaround is available. It is recommended to upgrade to Lockwise iOS 1.8.0.
References
This issue is documented and discussed in Bugzilla #1657178.
For more information
If you have any questions or comments about this advisory:
Credits
Reported by Arvind.