New iPhone Bug Allows Hackers to View and Send Photos to Other Devices

Rafia Shaikh Comments
Comments
iphone hack iPhone XS more popular than predecessor

Apple recently fixed a vulnerability that could be used to bypass the iPhone lock screen with its release of iOS 12.0.1 last week. However, Jose Rodriguez, an iOS enthusiast known for finding ways to break into the iPhones, has revealed yet another problem.

Rodriguez had disclosed a vulnerability - tracked as CVE-2018-4380 - to bypass the iPhone lock screen last month. Since the method worked on the latest iOS versions and on the newest of iPhones, Apple was quick to patch the flaw in its latest security update.

Related Story Apple’s Efforts To Shift iPhone Production Out Of China Are Being Met With Massive Obstacles; Authorities Are Blocking Supplier’s Equipment Shipments To Other Countries

"A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device." - Apple

However, Rodriguez has disclosed yet another similar problem that exploits an unpatched bug in VoiceOver to gain unauthorized access to photos on an iPhone.

How this latest iPhone hack works

The latest way to get into an iPhone to access its photos uses the ever-compliant Siri and a VoiceOver bug (via AppleInsider). We have seen Siri being involved in numerous similar such hacks where it's used to get unauthorized access to an iPhone if someone has physical access to the device.

This latest attack works something like this:

  1. You make a call to the target iPhone.
    • Phone number isn't known? Don't worry, just ask Siri to read it out for you.
  2. On the call screen, Rodriguez selects the Messages icon and activates VoiceOver via Siri.
  3. Using this newly activated VoiceOver, a hacker can navigate through hidden UI functions and activate them.
  4. Back to Messages, hacker taps on the Camera icon, invokes Siri, double taps the screen, and apparently, a bug has been exploited that could be used to insert multiple images into the Messages text box and sent to the attacker's device. Notice that the hacker can't actually see the photostream but can randomly tap to select an image, view and decide to send it or choose another.

Didn't get any of that? Don't worry. Rodriguez has shared a pretty useful proof-of-concept that you can follow to try this hack on your own iPhone - you will need two devices for this to work.

This new VoiceOver bug works on the very latest iOS version 12.0.1 and the brand new iPhone XS. As recommended previously, users can disable Siri's access on the lock screen through Settings > Touch ID & Passcode > uncheck Siri under "Allow access when locked."

iphone hack voiceover disable siri

Apple is likely to address this latest iPhone hack in an upcoming release.

Further Reading

iPhone 17 Air dummy models show design as thin as buttons and USB-C port

iPhone 17 Air Dummy Units Reveal An Incredibly Thin Design, Nearly As Slim As The Buttons And So Sleek That USB-C Port Looks Chunky

Ali Salman
U.S. Senator wants to know what talks happened between Apple CEO Tim Cook and President Donald Trump

U.S. Senator Has Questioned Apple CEO Tim Cook To Disclose His Discussions With President Donald Trump, Particularly On How The Company Obtained Tariff Exemptions

Omar Sohail
EU levies fines on Apple and Meta

Apple And Meta Face First-Ever EU Fines Under Digital Markets Act As European Commission Gives Tech Giants 60 Days To Comply Or Face Further Sanctions

Ezza Ijaz
iPhone 17 Air dummy units raises bendgat concerns

YouTuber Gets Impressed With The iPhone 17 Air’s Thin 5.5mm Design, Says It ‘Feels Futuristic’ But Raises Bendgate And Battery Life Concerns

Ali Salman

Trending Stories

Popular Discussions