A bug in iOS 7 allows users to disable Find My iPhone without entering a password, says a report in MacRumors. The security flaw affects iPhones and iPads that are running iOS version 7.0.4.
Deactivating Find My iPhone can be accomplished by making a few basic changes in the phone’s iCloud account. Unlike other settings that require a password, this method allows a malicious person to disable Find My iPhone and delete the iCloud account on an iPhone without entering a password.
This is a potentially serious flaw that would allow a stolen phone to be removed from the Find My iPhone service. Once removed from Find My iPhone, the former user has no way to track the device. Locating a phone is the first step in finding it, and Find My iPhone which has a proven track record of helping users recover lost and stolen devices.
iPhone and iPad owners who want to protect their devices should setup Touch ID or a password on their device. This would prevent a user from accessing the settings and iCloud menu on a device. Users should also install iOS 7.1 when it is publicly released as it allegedly does not contain this flaw.