iOS 13 ships with known lockscreen bypass flaw that exposes contacts
Apple released iOS 13 with a bunch of new features. But it also released the new OS with something else: a bug disclosed seven days ago that exposes contact details without requiring a passcode or biometric identification first.
Independent researcher Jose Rodriguez published a video demonstration of the flaw exactly one week ago. It can be exploited by receiving a FaceTime call and then using the voiceover feature from Siri to access the contact list. From there, an unauthorized person could get names, phone numbers, email addresses, and any other information stored in the phone's contacts list.
Rodriguez's video was the topic of more than 100 news articles over the past week. Since iOS 13 was in beta when it first appeared, I assumed Apple developers would fix the bypass in time for yesterday's release. Alas, they didn't, and it's not clear why.