The bug was discovered by Youtube user Miguel Avarado, who uploaded his findings to the video website on Wednesday, and which you can watch below.
The exploit involves hitting the "delete account" and the toggle to turn off Find my iPhone buttons at the same time, which according to reports is not easy to do. This will then display a password prompt, and when that is seen, the exploit requires the iPhone pilferer to switch off the device. Once the phone has been restarted, the
iCloud account can be removed without being prompted for a password.
While this sounds bad enough, from here the iPhone can be restored, and because Find My iPhone had previously been disabled, Activation Lock will not be required.
This is not good news for iPhone users, as it means that a thief can disable tracking for the device and can easily remove its owner's information.
At present, the only fix for this bug is to add a passcode to the device. Apple has yet to acknowledge the problem so it's unclear if a fix is coming, but Avarado is hoping that his video will get the firm to pay attention.
He said, "This video is intended for educational purposes ONLY. Please share it so Apple can fix this soon. Make sure you always have a passcode lock on your device or this could happen to you if your iOS device gets lost or stolen."
Perhaps worryingly, a similar flaw was discovered in
iOS 7 in February that also allowed Find My iPhone to be disabled. This was patched in iOS 7.1.