- The iOS13 software reportedly allows hackers to raid a customer’s contacts list
- The bug was revealed by private cybersecurity expert Jose Rodriguez in July
- Once in possession of someone’s device, a person can bypass the password
Apple has been rocked by accusations that it failed to stamp out a privacy-compromising flaw in the brand-new iPhone update despite being alerted to it months ago.
The iOS 13 software which was rolled out yesterday reportedly allows hackers to raid a customer’s contacts list.
It comes as the new iPhone 11 goes on sale in the UK today after being launched at an event in California last week, with prices starting at £529.
The bug was revealed by private cybersecurity expert Jose Rodriguez who alerted the technology giant that he had found a ‘password bypass’ in July.
In a YouTube video he shows how when someone is receiving an incoming call it’s possible to navigate through the messaging system to coax the phone into automatically suggesting contacts from inside the phone.
Apple has been rocked by accusations that it failed to stamp out a privacy-compromising flaw in the brand-new iPhone update despite being alerted to it months ago
The iOS13 software which was rolled out yesterday reportedly allows hackers to raid a customer’s contacts list
He initially worked with Apple to fix the fault, but decided to expose it when he feared that it would not be stamped out before the software update was launched, according to CNN.
Once in possession of someone’s device, the Canary Islands-based tech enthusiast could sidestep the phone’s security – such as facial ID – and access the contacts database.
After discovering the flaw during iOS 13’s beta stage testing, Mr Rodriguez hoped to be given an Apple Security Bounty, which rewards non-company IT experts who highlight problems.
Mr Rodriguez posted a YouTube video showing how he could get through the iPhone’s defences.
The process starts when someone his calling him on FaceTime and, instead of answering the call, he taps the option to message the person instead.
Then when the new message pops up he chooses the option to add a second recipient to the message.
As he types in the beginning of a contact’s name it automatically suggests one from the address book.
In this way, people could access the contacts and most recently used contacts of anyone whose iPhone they had a hold of.
Apple has said that the bug will be fixed in the iOS 13.1 update on Tuesday.
iOS 13 is available for the iPhone 6S and later handsets, and is packed with an array of changes – such as picture editing, menstrual tracking and improved privacy features
Revelations of the glitch would have likely dismayed Apple, which has vowed to put customer privacy at the forefront of its latest product.
The update lets owners control location data by granting or denying certain apps access to their exact location.
A pop-up notification will appear when an app is using your location in the background.
The notification also shows a map of the location data the app has tracked and you can choose to let it follow you at all times or only when you are using the app.
Late last year, company chief executive Tim Cook endorsed tough privacy laws for both Europe and the US, and renewed the technology giant’s commitment to protecting personal data, which he warned was being ‘weaponized’ against users.
He said: ‘Our own information, from the everyday to the deeply personal, is being weaponized against us with military efficiency.’
source:dailymail