
SoylentNews is people

posted by janrinok on Monday September 16 2019, @12:13PM
from the face-facts,-face-hacks dept.

Apple is planning to release iOS 13 next week, but one security researcher has already discovered a lockscreen bypass. The exploit allows you to bypass the lockscreen and gain access to all contact information on an iPhone. Jose Rodriguez discovered the exploit and revealed to The Verge that he reported it to Apple on July 17th, but it's still working in the Gold Master (GM) version of iOS 13 that will be released on September 19th.

Rodriguez discovered a lockscreen exploit last year for iOS 12.1, and this latest iOS 13 bypass uses a similar technique. It involves activating a FaceTime call and then accessing the voiceover feature from Siri to enable access to the contact list. You can then obtain email addresses, phone numbers, address information, and more from the list of contacts.

[...] Rodriguez says the exploit appears to be fixed in beta copies of iOS 13.1, which Apple is planning to make available on September 30th.

Source: iOS 13 exploit bypasses the lockscreen for access to contacts



  • (Score: 0) by Anonymous Coward on Monday September 16 2019, @01:21PM (1 child)

    by Anonymous Coward on Monday September 16 2019, @01:21PM (#894590)
    • (Score: 0) by Anonymous Coward on Monday September 16 2019, @01:27PM

      by Anonymous Coward on Monday September 16 2019, @01:27PM (#894594)

      Cops love this one weird trick...

  • (Score: 1, Interesting) by Anonymous Coward on Monday September 16 2019, @01:31PM (1 child)

    by Anonymous Coward on Monday September 16 2019, @01:31PM (#894596)

    Rodriguez told Threatpost that though he reported the flaw to Apple in July, he did not get a reward for the report.

    “The issue got closed in mid-August, Apple had promised me a gift in rewarding for the reports, but finally I didn’t get anything, only a thank you,” he told Threatpost.

    That’s against the backdrop of Apple in August announcing that it is looking to boost vulnerability disclosure efforts from the security community by opening its historically private bug-bounty program to all researchers this fall.

    Rodriguez could have fed his family if he sold the exploit to Zerodium instead.

    • (Score: 2, Funny) by Anonymous Coward on Monday September 16 2019, @04:16PM

      by Anonymous Coward on Monday September 16 2019, @04:16PM (#894664)

      He reported the exploit wrong.

  • (Score: 3, Touché) by DannyB on Monday September 16 2019, @02:42PM

    by DannyB (5839) Subscriber Badge on Monday September 16 2019, @02:42PM (#894607) Journal

    Just because a feature is not talked about nor advertised does not mean we should be calling it an exploit.

    Different features appeal to different audiences.

    Those different audiences are non-overlapping sources of revenue. (Or some other external non-monetary pressure being applied.)

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
  • (Score: 0) by Anonymous Coward on Monday September 16 2019, @07:44PM

    by Anonymous Coward on Monday September 16 2019, @07:44PM (#894777)

    ... Apparently Threatpost can't pay for a real-time translator but instead does journalism using Google Translate. No possibility of misunderstandings that way, right?
