Apple has just introduced the latest iOS 13 update for iPhones and it turns out that devices running iOS 13 are not ‘safe’ enough. This is because hackers have found a way to bypass Apple’s FaceID to access the phone address book. Not just that, hackers can even get to know the recent contact list. Thankfully, this hack is only possible, if a hacker physically gets to have the iPhone running iOS 13 in his hands as it is not possible to do this remotely.
Interestingly, a new report claims that Apple had known about this vulnerability back in July and the company had done nothing about it. A cybersecurity enthusiast named Jose Rodriguez had approached Apple with “passcode bypass” that can bypass Face ID. Rodriguez had asked Apple whether this “passcode bypass” discovery would make him eligible for Apple Security Bounty.
Researchers at Apple were quick to get in touch with him and Rodriguez had explained the proof of concept of this vulnerability in the beta release of the iOS13. Having demonstrating the vulnerability, he was unsure whether Apple would actually consider the flaw and fix it before the official release of iOS 13. It was then that he had decided to go public with his “passcode bypass”. Rodriguez even went to CNN to share his conversation with Apple on this matter.
Soon after the “passcode bypass” went public and media started to report about it, Apple confirmed that the exploit would be fixed in the next release of iOS 13-- iOS 13.1. The update is expected to be released on September 24. Interestingly, Apple had earlier planned to release the update on September 30 but it did not confirm whether Rodriguez going public with the exploit was one of the reasons for the company to bring the release date if iOS 13.1 ahead of the scheduled date.
No comments:
Post a Comment