iOS 6 Bug Lets Institutional Users Bypass “Don’t Allow Changes” Account Restriction, Install Unapproved Apps

For those of you that are unfamiliar, iOS 6 received some beefed up Restriction settings when it was released, allowing users to select “Don’t Allow Changes” for an entire account linked to an iOS device. This option was particularly useful for schools and other organizations that wanted to limit a device to a specific account and keep students and others from installing apps not approved by the institution. Without the restriction, students or employees could easily change the iTunes account linked to the iOS device. Unfortunately, as noticed by one frustrated 9to5Mac reader, it appears there is several backdoor methods of bypassing the setting…

As highlighted in the video, while users can no longer change the account in the Settings app after enabling the “Don’t allow changes” setting, they can still change accounts directly in the App Store and iTunes apps. For teachers and organizations trying to prevent users from installing unapproved content, the bug is clearly an oversight on Apple’s part.

Apple has confirmed to our source that the problem is indeed a bug that needs to be fixed. However, Apple didn’t confirm when a fix for the “Don’t allow changes” bug would arrive. Apple’s temporary solution is to turn off the “Installing Apps” option within Restrictions. Unfortunately, as noted in the video above, that prevents organizations from pushing apps and allowing users to update apps.

We’ve reached out to Apple and will update if we hear back.

A number of other bugs have popped up in recent weeks, including the “Continuous Loop” Exchange bug and a passcode vulnerability both related to iOS 6.1 bugs. Apple has confirmed fixes for these issues are in the works and a 6.1.2 software update is expected as early as next week. 

For more and to watch a video demonstration click the source link below:

Source: 9 to 5 Mac

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s