A new passcode bypass has been demonstrated in iOS 6.1.3, an update released to patch a previous passcode bypass hack discovered in February. A video posted to YouTube demonstrates a series of steps that gives a user access to your iPhone's phone, contacts, and photos even when the device is locked with a passcode.
The flaw was published by YouTube user "videosdebarraquito," the same user who discovered and demonstrated the previous exploit. Apple patched that flaw on Tuesday, but by Wednesday, videosdebarraquito had posted the new flaw.
By initiating a call via voice dialing and popping out the SIM card on the iPhone before the call actually takes place, the device pops up a warning about the SIM card and then shows the dialer screen.
From there, users can access the iPhone's contacts, including the ability to add a contact or edit existing contacts. Through the contact editing or creation process, it's also possible to view the iPhone's photo library.
Here's the video:
According to videosdebarraquito, you can protect yourself against this particular exploit by turning off the Voice dialing feature found under the Passcode section of your iPhone's General preferences, as shown in the screenshot below.
Voice Dial Preferences
Note that "Voice Dialing" is only available when Siri is turned off.