VoiceOver iOS 12 Bug Creates Lock Screen Bypass Exposing User Photos

It hasn’t been long since we reported on other iOS 12 passcodes bypass methods, however here we are with another one. The same researcher who told us about the glitches in iOS 12 earlier now presents another bypass. This time, he demonstrates how a VoiceOver iOS 12 bug could allow an attacker to snoop into your photos on the device.

A VoiceOver iOS 12 Bug Allows An Attacker To Bypass Lock Screen

Jose Rodriguez has discovered one more iOS passcode bypass method that can allow an attacker to access photos on the target device. Once again, the exploit involves Siri that invokes the VoiceOver feature. The attacker can then make use of the VoiceOver iOS 12 bug to access the target device’s photos.

The attack method does not seem too complicated, yet it requires patience as it will take a while. To begin with, an attacker could simply call the target device. After that, instead of answering the call from the target device, the attacker can simply tap the message feature to reach the Message UI. From here, the attacker can invoke Siri and activate VoiceOver, return back to the messages.

After that, by tapping on the Camera icon, and double tapping the screen while invoking Siri will trigger the iOS glitch. The screen will go blank, yet, the VoiceOver will continue guiding the attacker about the options being tapped. The moment the attacker reaches “Photo Library”, he can tap on it to return to the Message feature. Here, in place of the keyboard, a blank space will appear that supposedly features the photos. While the attacker may not see anything right away, tapping that blank space will preview the photos for anticipated insertion in the message.

This is it! The attacker now has complete access to all photos in the device. Here is how Rodriguez demonstrated exploiting the bug.

Patch Awaited

The person discovering the recent glitch is the same guy who has a history of unveiling iOS flaws. The last iOS 12 bypass methods that allowed access to users’ photos and contacts was also discovered by Rodriguez.

The previous two iOS 12 passcode bypass bugs received fixes in the iOS 12.0.1 update rolled last week. However, the recent VoiceOver bug affected version 12.0.1 as well. It means Apple may have to roll out another update with a patch to this bug at the earliest. Otherwise, users are highly vulnerable to this attack method since even an amateur can follow the process demonstrated in the video.

Alongside these lock screen bypass tricks, Apple’s Mojave iOS 12 also demonstrated an iOS texting bug. The bug appeared due to a change in iMessage Unified Thread Functionality feature, delivering messages to the wrong recipients. Apple is yet to roll out a permanent fix for this glitch as well.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients