A couple of security researchers have paired up to combine their efforts for discovering a certain vulnerability in the latest iOS version from Apple. Due to the said vulnerability, they were allowed to access photographs that have already been deleted from that iOS device on which it is running. The flaw has been reported to Apple as well.
Amat Cama and Richard Zhu have joined hands together to discover a vulnerability in Just-in-Time Compiler of the latest iOS 12.1 and they revealed it at Mobile Pwn2Own competition that took place in Tokyo recently.
This discovery allowed them to access any deleted photographs on an iPhone X device running iOS 12 even after they had been completely washed away from the iPhone. As far as the users are concerned, there is nothing wrong in assuming that deleted photographs mean deleted actually but, as it appears, that wasn’t the case with that bug.
It is also very important to note down that this issue inside JIT Compiler also means it’d be possible theoretically to have access to other files that have supposedly been deleted from the device, and not the photographs only. After this discovery of theirs, the two hackers left Mobile Pwn2Own contest after being titled as “Master of Pwn” and their efforts helped them make $50,000 from this bug discovery.
Their work involved discovering and showcasing several other exploits as well and that actually highlighted the kind of talent they posses. In a truly reputable manner, these bugs have been reported to the manufacturer as well so that the company may investigate them and fix the issues so that they may not be a source of threat continuously for the users as we move forward.
What makes things even more interesting is that this issue is not only related to iOS platform or the iOS devices from Apple. The two hackers also managed to execute that same deleted files retrieval trick on multiple famous and semi-famous Android devices as well. This certainly shows that the said bug is quite commonplace as far as modern consumer-facing tech is concerned.
Nevertheless, as Apple is now aware of the issue being highlighted by the hackers, it is very much likely that they will be working on this issue and we’ll see a patch being released in weeks to come. Currently, we have iOS 12.1.1 available in the beta version on which the developers are performing all the testing and tweaking. So, it is very much possible that the manufacturer will fix the issue and deploy the fixed iOS version as its next beta release for iOS 12.1.1. So, just stay tuned!