Security researchers have discovered a flaw in both the iOS 10.1 and 10.1.1 update for Apple iPads, which allows potential hackers to bypass the activation lock feature in iOS that is supposed to prevent anyone from using the device marked as lost by its owner.
The first of the two bugs, which resided in the iOS 10.1 update was discovered by Hemanth Joseph, a security researcher in India who bought an unlocked iPad Air from eBay but found the device locked. He detailed the entire process of how he bypassed the lock feature in his blog.
Post this, Apple released the iOS 10.1.1 update that seemed to have eliminated the flaw Joseph discovered. However, researchers from Vulnerability Lab, examined an iPad following the update and found a buffer overflow exploit along with some iPad-specific bugs can be used to bypass the activation lock in iOS 10.1.1.
If exploited by potential hackers, the user's iCloud drive on the iOS device can be accessed along with personal data, documents, saved passwords and more. The exploit, however, relies on tricks that are not possible on iPhones running on the iOS 10.1.1.
As of now, Apple has not acknowledged the issue. But these flaws are generally fixed in upcoming updates. The next update scheduled for iOS users is the iOS 10.2 update whose fifth beta version is already out indicating the final over-the-air (OTA) version should soon be on the way.