Apple released its latest iOS 12.1 update to devices earlier this
week, and security researchers have already discovered a new lockscreen
bypass. The exploit provides access to all contact information on an
iPhone, and involves activating a FaceTime call and accessing the new
group FaceTime feature to see contact information without a passcode.
This particular exploit only works on iOS 12.1, and was discovered hours after Apple released the update on Tuesday.
We’ve tested this exploit and can confirm it works on iOS 12.1. It
follows yet another lockscreen bypass in the previous iOS 12.0.1 update
that allowed attackers to steal recent photos
from a device. Both attacks require physical access to an iPhone, and
are particularly troublesome for victims of domestic abuse or anyone who
leaves a phone unattended in a shared space.
Apple has a long history of lockscreen bypass bugs. A bug in iOS 6.1 back in 2013 allowed attackers to access phone records, contacts, and photos freely. iOS 7 also included a similar security hole, and researchers found a rather elaborate way to bypass the iOS 8.1 lockscreen just a few years ago. Lockscreen bugs with iOS are almost as common as Daylight Saving Time (DST) bugs, which Apple has struggled with over the years.