FaceTime group call exploit hits Apple’s iOS 12.1

Apple’s newest iOS 12.1 update doesn’t just bring CPU throttling to the iPhone 8 and iPhone X; it also comes with a security flaw that allows the lockscreen to be bypassed and provides access to all the contacts on the phone.

Security researchers discovered the bypass and posted a video of it on YouTube demonstrating how the lockscreen’s passcode could be bypassed by using the new FaceTime group calling feature.

It involves turning on airplane mode at the right moment and having physical access to an iPhone running iOS 12.1 – the exploit doesn’t work on other versions of iOS, but it does look fairly straightforward to carry out and gain access to the contacts on the handset.

The exploit is pretty similar to another one found in iOS 12.0.1 which, with a bit of adept timing, could allow access to an iPhone’s photos.

Again, direct access was needed to bring the exploit to bear, so one could argue that if you leave your iPhone lying around and out of your sight you’re asking for such problems.

That being said, if you have your iPhone snatched out of your hands, by say some opportunistic thief on a bicycle, the exploit could be used by said thief to peruse your contacts and potentially cause all manner of havoc with that information.

This isn’t good news if you’ve just dropped a grand plus on a swish new iPhone XS. We suspect Apple will patch out the problem pretty sharply, but if you’re an iPhone user we’d suggest you make sure it doesn’t fall into the wrong hands.

Apple doesn’t seem to have a great history of making lockscreens that are pretty secure, as there have been plenty of instances in the past where said screen can be bypassed, sometimes fairly easily and at other times requiring some long-winded techniques.
