A user on Twitter has posted a message about a potentially nasty bug found on the iPhone and iPod touch firmware. This user, rpetrich, discovered the exploit, which can reveal users' passwords on the devices, according to ModMyi.com.
The bug only works in certain scenarios and doesn't pose a risk to users everywhere, unless somebody nearby gets a hold of your iPhone or iPod touch. The bug can be exploited in almost every available application that stores passwords; this includes your saved email account passwords.
The bug can reveal all characters, except the very first character in the password field. That is unless a user places a random character at the beginning of the password, then all characters can be revealed. The trick works when a password field is present with a saved password in it, a user can delete one character at a time, starting from right to left and shake the phone, press "undo typing" to reveal the hidden character.
This trick seems to only be present in firmware 2.0 and 3.0, but is apparently patched in the recently released 3.1 firmware.
This video demonstrates how the trick is possible:
21 Comments - Add comment