A latest vulnerability has discovered in Apple’s latest iOS, 12.0.1, which was released last week, that basically allows any attacker with a physical access to an iPhone entry into the photos on a locked phone, according to the Jose Rodriguez, a Spanish Security Researcher.
While the bypass bug, which was reported by The Hacker News, which do require an attacker to have a physical access to an iPhone, Any malicious hacker can easily still can access the photo albums and send those selected pictures using Apple Messages even if the mobile phone is locked.
Rodriquez who reported this bug and provided a proof-of-concept video via YouTube in which he has demonstrated various steps of the attack, which basically starts with an incoming call to the targeted iPhone.
After tapping the “message” an option on the iOS call screen, Rodriquez who selected the “custom” option, which then displayes the Message user interface, at which point he entered the random letters even before calling on Siri to activate the VoiceOver.
This recent and latest bug which comes only two weeks ahead where Rodrigquez who discovered two similar VoiceOver vulnerabilities that gave unauthorized access to the user to contact and phones, according to the AppleInsider.
When the conditions of the bug are met, than the iPhone displays a black screen. A left swipe on the black screen which delivers an attacker to the photo library.
In total, this attacks is about 10 steps process which works on all of the current iPhone models running the latest version of the Apple mobile operating system, which do includes the iPhone X and XS devices.