iPhone Bug

If you downloaded Apple’s latest iOS to fix last month’s passcode vulnerability for the iPhone, you’ll be dismayed to learn that another security flaw has recently been discovered in the latest iOS version, 12.0.1. 

Read on to learn more about this latest vulnerability, whether or not a solution has been issued by Apple, and what you can do in the meantime.

The New iPhone Vulnerability

If you have a current iPhone, including iPhone X and XS models, and you are running either iOS 12 or iOS 12.0.1, your phone could be vulnerable to exploitation of your private photo library.  It was recently discovered that anyone with physical access to your iPhone, even if it is locked, can gain access to your photo album. 

The exploitation occurs through the use of Siri and your VoiceOver screen reader — potentially allowing hackers to gain access to private photos, allowing them to select the ones they desire, and then sending the photos to anyone who uses Apple Messages.

The vulnerability does require a hacker to follow certain steps in order to gain access.  Initially they call you and then reply to their phone by way of a text message from your phone.  They then ask Siri to enable VoiceOver.  Employing the use of your phone’s camera, Siri and VoiceOver, the hacker eventually reaches your photo library. 

Using VoiceOver to describe the various photos, the hacker can select specific photos and send them through your phone’s text feature to any phone number they desire.  For a complete list of steps, click here

Solutions

Given the very recent discovery of this exposure, Apple has yet to provide a security patch for iPhone users.  Currently they are recommending that users disable Siri, thus preventing any private photos from becoming exploited.

If you would like to know more about recent iPhone security vulnerabilities, please contact us.