Apple blogger Miguel Alvarado noticed the bug and published his findings in a short YouTube video, outlining the fault
New York: Miguel Alvarado realised that when deleting an iCloud account or restoring a device’s settings it was necessary to disable the Find My iPhone feature. In doing so, Find My iPhone requires the associated password from the iCloud account to be entered. This security feature is intended to prevent thieves from simply removing the account to avoid being tracked.
What Alvarado discovered was that by tapping both the ‘delete account’ and ‘disable Find My iPhone’ switches at the same time, anybody with the phone is able to bypass the tracking feature.
When the potential thief is then asked for a password, all they need to do is restart the phone and go back into the iCloud settings panel where the account can be deleted without the need for a password.
Alvarado hopes that by publishing his findings, attention to the issue will encourage Apple to fix the bug. “This video is intended for educational purposes only,” he said. “Please share it, so Apple can fix the bug soon. Make sure you always have a passcode lock on your device or this could happen to you if your iOS device gets lost or stolen.”
It is the second embarrassing lapse for Apple in as many months, with the firm recently releasing a security fix for iOS 7 after a major flaw was discovered that allowed hackers to intercept email and other communications. Apple is yet to comment on the latest software glitch report.