Apple released its latest iOS 12.1 update to devices earlier this week, and security researchers have already discovered a new lockscreen bypass. The exploit provides access to all contact information on an iPhone, and involves activating a FaceTime call and accessing the new group FaceTime feature to see contact information without a passcode.
iOS 12.1 exploit bypasses the lockscreen for access to contacts
Another iOS lockscreen security bug
Another iOS lockscreen security bug
is a senior correspondent and author of Notepad, who has been covering all things Microsoft, PC, and tech for over 20 years.
This particular exploit only works on iOS 12.1, and was discovered hours after Apple released the update on Tuesday. We’ve tested this exploit and can confirm it works on iOS 12.1. It follows yet another lockscreen bypass in the previous iOS 12.0.1 update that allowed attackers to steal recent photos from a device. Both attacks require physical access to an iPhone, and are particularly troublesome for victims of domestic abuse or anyone who leaves a phone unattended in a shared space.
Apple has a long history of lockscreen bypass bugs. A bug in iOS 6.1 back in 2013 allowed attackers to access phone records, contacts, and photos freely. iOS 7 also included a similar security hole, and researchers found a rather elaborate way to bypass the iOS 8.1 lockscreen just a few years ago. Lockscreen bugs with iOS are almost as common as Daylight Saving Time (DST) bugs, which Apple has struggled with over the years.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
