[ad_1]
A hacker would need physical access to a target’s phone to complete the hack — but once it is in their possession they could bypass Apple’s standard security features like facial I.D. Once they have done so, they can access the phone’s address book and see information for contacts stored on the phone, as well as indications of the most recent contacts with whom the phone’s owner had been communicating.
Jose Rodriguez, a cybersecurity enthusiast, living in the Canary Islands, contacted Apple on July 3rd suggesting that he had found a “passcode bypass” and asked if his findings would be eligible for an Apple Security Bounty — a program that rewards security researchers who bring bugs to Apple’s attention.
Apple promptly followed-up on Rodriguez’s tip and company staff had several calls with the researcher during which he walked them through the vulnerability on a beta version of the software, Rodriguez said.
Rodriguez provided copies of the emails and phone records of his correspondences with Apple to CNN Business.
Suspecting Apple might not fix the flaw before releasing the new operating system to its customers, Rodriguez last week went public with his findings.
Apple confirmed that the exploit Rodriguez identified would be fixed in the next version of the operating system, iOS 13.1, which is due to be released on September 24th.
The company previously moved the release date for that update forward from September 30th. The company declined to say if Rodriguez’s discovery had prompted the early release.
[ad_2]
Source link