iOS 12.1 Bug Lets Hackers Steal Deleted Photos, Apple Working On Fix

A pair of security researchers has combined their collective efforts to discover a vulnerability in Apple’s iOS platform. This vulnerability has allowed them to gain access to photographs which are supposed to have been deleted from the device. Apple has been informed of the flaw.

Richard Zhu and Amat Cama put their collective skills together at the Mobile Pwn2Own competition in Tokyo to discover the vulnerability that exists within the Just-in-Time (JIT) Compiler.

The discovery has meant that they were able to access photographs on an iPhone X running iOS 12 that had previously been entirely deleted from the device. From a user’s perspective, it’s reasonable to assume that a deleted photograph actually means deleted but that doesn’t appear to be the case with this bug.

It’s important to note that the issue within the JIT Compiler also means that it would be theoretically possible to get access to other supposedly deleted files on the device, and not just photographs. The pair of hackers managed to leave the Mobile Pwn2Own contest with the title of “Master of Pwn” and pocketed $50,000 for their efforts.

The work also involved the discovery and showcasing of several other mobile exploits to highlight their talents. In true reputable fashion, the bugs have also been reported to Apple in order for the Cupertino-based company to investigate and fix the problem so that it doesn’t continue to potentially affect users going forward.

Interestingly, the issue isn’t solely related to Apple’s iOS devices or iOS platform. The pair of hackers were also able to execute the same retrieval of deleted files on a multitude of popular and semi-popular Android devices, showing that the bug is quite commonplace in modern consumer-facing technology.

Now that Apple is aware of the problem it’s highly likely that the company will have this issue worked on and patched in the coming weeks. We currently have iOS 12.1.1 out in a beta capacity for developer’s to test and interact with. It’s not outside of the realms of possibility that Apple will have this fixed and deployed in the next beta of iOS 12.1.1.

We’ll be keeping an eye out for this fix in any future Apple security notes.

(Source: Forbes)

You may also like to check out:

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple, and the Web.