Apple struggles to keep its mobile and computer operating systems as inaccessible by hackers as possible. However, while some vulnerabilities might be useful for the community, such as those that allow programmers to develop iOS jailbreak solutions, others are exposing users to privacy leaks. Now, an iOS 12.0.1 security flaw allows malevolent people, once they achieve physical access to the device, to access the photo album and send images to whoever they want via Apple Messages.
The cybersecurity company ESET, the owner of NOD32 Antivirus, among others, has warned about this failure in Apple’s operating system, which powers iPhone and iPad devices. According to ESET, everyone who takes another’s Apple device running iOS 12.0.1 can access the photo album, bypassing the secure authentication process.
According to the ESET security researcher Jose Rodriguez, the security flaw lies in the possibility of taking advantage of Siri and VoiceOver to break the authentication of an Apple device running iOS 12.0.1.
A new iOS 12.0.1 security flaw is exposing users to a significant privacy leak
The privacy vulnerability is present in all iPhone models, including iPhone XS and XS Max, as well as iPad devices that are working with the latest version of the iOS operating system, the iOS 12.0.1.
Due to this iOS 12.0.1 security flaw, an unknown, malevolent person who gains access to an Apple device will be able to skip the authentication process, be it FaceID, password, or so on, and access the photo album and send pics to whoever he/she wants. According to ESET, “Apple is aware of the existence of this bug and is expected to launch an update shortly to repair it.”
In the meantime, the cybersecurity company urges users not to leave their phone within reach of unknown persons, as the only way to exploit the iOS 12.0.1 security flaw is to have physical access to the device.