iOS 12.1 lock screen bug provides access to private contact information

A newly discovered vulnerability in iOS 12.1 allows anyone to bypass the lock screen to access private contact data. Here’s how this bug works.

iOS 12.1 vulnerability allows access to contacts

iOS 12.1 was released Tuesday night, and the first major vulnerability has already been discovered. YouTube user “videosdebarraquito” found that you can bypass the lock screen and then get full access to private contact information on the device.

The bug is related to the new FaceTime group conversations introduced in the iOS 12.1 firmware.

Due to a bug in the firmware, anyone can view the contact information by opening FaceTime and activating the new group conversation feature.

To get hold of your private data, the attacker needs physical access to the iPhone, which makes the vulnerability less “invasive” than remote code execution bugs.

However, this bug is still quite dangerous and can have consequences if you leave your iPhone unattended.

If you are concerned that someone may snoop around in your contact list, I highly recommend not leaving your iPhone in a place where other people can physically access it.

Patch to be released soon

Apple has yet to give an official statement regarding this vulnerability but is likely to release a small update that will patch it. Hopefully, this update will go public sometime this week.

This is not the first time that iOS has been plagued by a bug that allows anyone to bypass the lock screen.

iOS 12.0.1 has a similar bypass bug, and its predecessor (iOS 11) also had to deal with the same problem on more than one occasion.
