The only comforting thing is that it can’t be carried out in a few seconds.
With only a week left before Apple rolls out its new operating system iOS 13, a major security flaw has already been found. It is being reported that a security vulnerability in both iPhone 11 and 11 Pro could let an attacker gets his hands on all stored contact information, Jose Rodriguez, a security researcher has revealed.
Rodriguez, in his tweet dated September 13, shared a YouTube video link with the caption, “With No Enter the Passcode you can See Contacts info. iOS 13 Feature. Read description please. Will Apple change this feature before the release of iOS 13?”
“With No Enter the Passcode you can See Contacts info. iOS 13 Feature. Read description please.”https://t.co/0HyWmukeLq
Will Apple change this feature before the release of iOS 13❔
— Jose Rodriguez (@VBarraquito) September 13, 2019
Security Researcher Jose Rodriguez also told The Verge that he had notified Apple on July 17th, however, it is still running on the Gold Master (GM) version of iOS 13 which will be rolled out on September 19th.
However, it is not an operation one can carry out remotely. An attacker needs physical access to the phone and will need to make a call or a FaceTime call from another phone. The attacker will then be required to activate the voiceover feature along with some complex sequence of responses. This will enable the attacker to obtain phone numbers, email addresses, address information, and other items from the list of contacts.
The only comforting thing is that it can’t be carried out in a few seconds. You will need to be physically away from the phone for quite a while.
Apple is already on its way to fixing the exploit with Rodriguez confirming in The Verge report that the exploit seems to be fixed in beta of iOS 13.1, which the iPhone maker plans to roll out on September 30th.
The lockscreen bypass issue has repeatedly bothered the iOS. The same issue cropped up in the iOS 6.1, iOS 7 and iOS 8.1.