Apple has yet another security bug to squash in iOS 6.1.2 (or whatever incremental release they decide on next).
A person working in an education environment has published a demonstration video (embedded above) to show how anyone with physical access to an iDevice can bypass the setting for “Don’t Allow Changes” for an App Store account in iOS 6.
Using an education account, school administrators can push out apps to students. The students, for their part, can easily download content (such as updates) without having to log into the App Store.
However, with this bug on everyone’s radar now, schools are forced to switch off the functionality. Apple is reportedly aware of the issue and is working on a fix. A release date is currently unavailable.
iOS 6 is plagued by numerous bugs, including a couple of security issues that need immediate addressing.
According to a recent rumor, Apple will deploy iOS 6.1.2 with said fixes as early as this week.