Security experts have found a new critical vulnerability in the latest build of iOS 12.1. Using the exploit, the hackers managed to remotely access deleted photos on an iPhone, restore them, and then download the resulting images to their own devices. According to the hackers, this vulnerability affects not only Apple's mobile operating system but also Android.
The problem was found by security experts Amat Cama and Richard Zhu in a special contest. The flaw was found in the Safari browser. Using a vulnerability in the JIT compiler and a malicious Wi-Fi access point, the experts managed to get access to all the deleted iPhone images. Specifically, this concerns the “Recently Deleted” folder. Importantly, the vulnerability does not affect photos that are stored directly in the device gallery.
Although the problem was recognized as critical, exploiting it in practice may be difficult: the smartphone must be connected to a special Wi-Fi access point that is configured in a particular way.
What is especially interesting is that devices running the Android operating system were also found to be vulnerable. The experts were able to bypass the protection and get access to deleted images on the Samsung Galaxy S9 and Xiaomi Mi6.
Since the demonstration of the vulnerability took place at the Mobile Pwn2Own event, the hackers received a cash reward of $50,000 for their find.
According to the experts, all the necessary information has been passed to Google and Apple, and the developers are already working on a patch. Most likely the security issue will be resolved with the release of iOS 12.1.1, which is currently in the beta testing phase.