TUAW: iPhone 2.0.2 Security Flaw

[bacchus_3]

From TUAW: iPhone 2.0.2 security flaw makes private data accessible

Here's how it works:
1. You'll have to have some contacts set up with Favorites. If you don't have any favorites, looks like you'll be OK (I went in and added only one favorite, and that's all that appeared when replicating the issue).
2. Each contact setup as a Favorite would likely have an address, phone, email and possibly a link to their website, right? Those are the vectors of entry to the corresponding apps. So, when you get access (described next) using those features will launch those apps completely bypassing the passcode.
3. So you open the phone, and on the passcode screen you click "Emergency Call"
4. Now double-tap the Home button
5. Hey look, your Favorites! Clicking the blue arrow will take you to the contact info. Depending on what that contact has (email, website, etc.) you can access the corresponding applications, free of the concerns of passcode protections.

Basically, this flaw allows a person who gets hold of your iPhone to view contact details of all your Favorites' Contacts. As an update in the article, if you set your double-tap Home button to go to other apps like the iPod then that will show instead - a temporary workaround for those wary of exposing contacts in their Favorites.

[bacchus_3]

sorry guys for posting this again but HooHaw already has a thread here with source from Gizmodo. Mod's can you just merge this one with that thread?