Security experts have found a new critical vulnerability in the latest build of iOS 12.1. Using the exploit, hackers managed remote way to access deleted iPhone photos, restore them, and then upload the images on their own device. According to the hackers, this vulnerability affects not only the mobile operating system Apple, but also Android.
Problem found security experts Amat Kama and Richard Zhu in the framework of a special competition. The flaw was found in Safari. Using a vulnerability in the JIT compiler, and malicious access point Wi-Fi, experts managed to gain access to all remote images iPhone. In this case we are talking about the folder “Recently deleted”. The vulnerability does not affect the photos stored in the device’s gallery.
Although the problem was deemed critical, its practical application can be difficult. It is necessary that the smartphone was connected to a special wifi point that needs to be configured in a special way.
What is particularly interesting, the vulnerability affected devices running Android operating system. Experts were able to circumvent the protection and access the remote images on the Samsung Galaxy S9 and Xiaomi Mi6.
As a demonstration of the vulnerability took place at the event Mobile Pwn2Own, the hackers received for their discovery cash consideration of $ 50,000.
According to the experts, all the necessary data were transferred to Google and Apple and the developers are already working on a patch. Most likely a security issue would be fixed with the release of iOS 12.1.1, which is currently in the beta phase.