Full Report
University student says he plans to move to Android, but concedes iOS engineers acting fast
Apple is finally working on a fix for a bug that has locked some users out of their iPhones for months, The Register understands.…
Analysis Summary
# Vulnerability: iOS Czech Keyboard Passcode Lockout via Character Removal
## CVE Details
- **CVE ID**: Not yet assigned (Pending Apple advisory)
- **CVSS Score**: N/A (Functionally, this acts as a Permanent Denial of Service to the device's data)
- **CWE**: CWE-436: Interpretation Conflict / CWE-1289: Improper Input Validation
## Affected Systems
- **Products**: Apple iPhone
- **Versions**: iOS 26 (Initial release, September 2025)
- **Configurations**: Devices using the **Czech keyboard** layout with a **Custom Alphanumeric Passcode** containing the **caron/háček (ˇ)** character.
## Vulnerability Description
The flaw is a regression/breaking change in the iOS 26 keyboard layout. In the transition to iOS 26, Apple engineers modified the Czech keyboard software, effectively removing the caron/háček (ˇ) character or replacing it with a duplicate of another character.
Users who utilized this specific character in their alphanumeric lock-screen passcode prior to the update are unable to input the correct sequence post-update. Because the iOS lock screen restricts input to the current system keyboard, there is no mechanism for the user to "type" their original passcode, resulting in a persistent lockout.
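As an added example (not code from the report, The Register, or Apple), this Python check audits a candidate passcode for dependence on the caron before an OS upgrade, so it can be changed while the device is still unlocked. Treating precomposed letters such as č as caron-dependent is an assumption of this example, since the report names only the ˇ character itself; the function names and sample passcodes are constructed.

```python
import unicodedata

SPACING_CARON = "\u02c7"    # the standalone caron character
COMBINING_CARON = "\u030c"  # combining form found in decomposed letters


def caron_dependencies(passcode):
    """Return (index, char, reason) for every character tied to the caron."""
    findings = []
    for i, ch in enumerate(passcode):
        if ch == SPACING_CARON:
            findings.append((i, ch, "spacing caron U+02C7"))
        elif ch == COMBINING_CARON:
            findings.append((i, ch, "combining caron U+030C"))
        elif COMBINING_CARON in unicodedata.normalize("NFD", ch):
            # Assumption: a letter built from base + caron may need the same key.
            findings.append((i, ch, "letter decomposes to base + U+030C"))
    return findings


def non_ascii_positions(passcode):
    """Indexes of characters outside printable ASCII (layout-dependent input)."""
    return [i for i, ch in enumerate(passcode) if not 0x20 <= ord(ch) <= 0x7E]


def audit(passcode):
    """Summarise how strongly a passcode depends on one keyboard layout."""
    deps = caron_dependencies(passcode)
    return {
        "caron_dependent": deps,
        "layout_dependent_positions": non_ascii_positions(passcode),
        "caron_free": not deps,
    }


if __name__ == "__main__":
    # Constructed sample passcodes, not taken from any real device.
    for sample in ("heslo\u02c71", "kl\u00ed\u010d", "abc123"):
        result = audit(sample)
        print(len(sample), "chars:", result["caron_dependent"],
              result["layout_dependent_positions"])
```

Run it only on a trusted machine, since it handles the passcode in clear text.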
## Exploitation
- **Status**: Not exploited (Functional bug/Logic flaw)
- **Complexity**: Low (Triggered automatically by OS update)
- **Attack Vector**: Local (Software Update)
## Impact
- **Confidentiality**: None
- **Integrity**: None
- **Availability**: **High** (Users are permanently locked out of the device, rendering data inaccessible without a factory reset/data wipe).
## Remediation
### Patches
- **In Development**: Apple is reportedly working on a fix to be included in a subsequent **iOS 26.x** release.
- **Recommendation**: Affected users should monitor for the next minor or major iOS update via iTunes/Finder (since the device cannot be unlocked to update via OTA).
### Workarounds
- **Factory Reset**: Users can restore the device to factory settings; however, this results in **total data loss** unless a backup exists.
- **Remote Unlock**: If "Find My" is enabled, erasing the device remotely is possible, but again results in data loss.
- **External Keyboards**: (Unverified) Attempting to use a Bluetooth keyboard or USB keyboard via camera adapter might allow the input of the missing character if the HID (Human Interface Device) mapping still supports the character code.
## Detection
- **Indicators of Compromise**: Device rejects a known-good alphanumeric passcode immediately following an update to iOS 26.
- **Detection Methods**: Visual inspection of the Czech keyboard layout on the lock screen; checking for the absence of the caron/háček (ˇ) key or the presence of duplicate characters.
## References
- **Vendor Advisories**: None (Apple has not yet commented publicly).
- **Relevant Links**:
  - hxxps[://]www[.]theregister[.]com/2026/04/17/apple_passcode_bug/
  - hxxps[://]www[.]reddit[.]com/r/iphone/ (Original report by user Connor Byrne)