A new vulnerability discovered in Apple’s latest iOS, 12.0.1, released last week, allows an attacker with physical access to an iPhone entry into photos on a locked phone, according to Jose Rodriguez, a Spanish security researcher.
While the bypass bug, reported by The Hacker News, does require that an attacker have physical access to an iPhone, an attacker could still access the photo albums and send selected pictures using Apple Messages even if the phone is locked.
Rodriguez reported the bug and provided a proof-of-concept video via YouTube in which he demonstrated various steps of the attack, which starts with an incoming call to the targeted iPhone.
After tapping the “message” option on the iOS call screen, Rodriguez selected the “custom” option, which then displayed the Messages user interface, at which point he entered random letters before calling on Siri to activate VoiceOver.
This latest bug comes only two weeks after Rodriguez discovered two similar VoiceOver vulnerabilities that gave unauthorized access to user contacts and photos, according to AppleInsider.
When the conditions of the bug are met, the iPhone displays a black screen. A left swipe on the black screen delivers an attacker to the photo library. As Rodriguez demonstrated in his proof of concept, a double tap then returns him to the Messages app where he is able to insert images into the Messages text box.
In total, the attack is a 10-step process that works on all current iPhone models running the latest version of the Apple mobile operating system, including the iPhone X and XS devices.
Though the bug is concerning, the attacker must have a “certain level of precision” to perform the process and achieve the desired outcome, said AppleInsider.