It appears that yet another bug cropped up in Apple’s latest iPhone iOS 7 firmware. The latest finding apparently lets you bypass the user password and deactivate the Find my Phone feature, hiding it from the iCloud.com page on which you can effectively track its location in case of losing it or having it stolen.
It is reported that replicating the bug is simple enough, and that repeated attempts were successful, according to MacRumors. The exploit was found on the current 7.0.4 firmware and can be performed by making a few changes to the iCloud account menu as shown in the video below.
MacRumor reported to have replicated the exploit on firmware 7.0.4, but could not replicated it on the upcoming 7.1 firmware, leading to the possibility of it being fixed in the upcoming firmware release. To be noted is that the exploit can disable Find my Phone and have the iOS device erased, but it will not bypass Apple’s Activation Lock theft deterrent system. The handset will still be rendered unusable since it will always ask for the Apple account password for every action, such as downloading an app.
It is also noted that the exploit works on devices that do not have Touch ID or Passcode enabled, therefore it is recommended to enable at least the Passcode on your handsets if you do not own an iPhone 5s, at least until the iOS 7.1 firmware gets released and the exploit fixed.