When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Latest Apple iOS 13 exploit can be overcome in two ways

Neowin · · Hot! with 15 comments

Apple iOS 13 users may have to upgrade their software to patch an exploit that was recently discovered by security researcher Jose Rodriguez. The loophole allows anyone to bypass the screen lock and access contacts. The issue specifically affects devices featuring the much-awaited iOS 13 update which is set to be released on September 19.

Successful hack execution involves answering a phone call using the Siri option to input a custom response. Once Siri is open, the application should then be turned off. This leaves the contact field open allowing contacts on the phone to be viewed.

According to Rodriguez, beta versions of iOS 13.1 do not seem to have this security flaw. The newer operating system will be made available to consumers as of September 30.

The vulnerability is, however, not a serious problem. At least not compared to a malware injection exploit, for example. Apple Insider has highlighted that successful attempts involve a bit of timing while toggling between apps and, of course, physical access to the phone. These factors make the hack a bit harder to exploit.

Apart from an iOS 13.1 software upgrade, the issue can be overcome by simply turning off Siri when the screen is locked. This option is available in the preferences menu but is on by default.

Apple has of late had to respond to a flurry of reported security bugs that have the potential to affect a vast number of its customers. In August, the Project Zero security research team revealed a website level attack that specifically targeted iPhone users in China. Users who visited infected websites had spyware injected into their devices. The malware employed advanced kernel and sandbox escape elements to access all information on an iPhone. Apple has formally downplayed the assertions describing the security allegations as overblown.

According to its published statement, the attacks were localized and only affected websites with content related to the Chinese Uighur community. The company additionally states that less than a dozen websites were involved.

The Chinese government is believed to have been behind the attacks which were apparently aimed at spying on Uighur Muslims.

Report a problem with article
Next Article

This Complete Internet of Things eBook Bundle only costs $19

Previous Article

Discuss: Does the Nintendo Switch Lite make sense?

Join the conversation!

Login or Sign Up to read and post a comment.

15 Comments - Add comment