An iPhone X Vulnerability Allows Hackers To Access Deleted Pictures

Recently, two researchers have demonstrated how an iPhone X vulnerability that could allow an attacker to access deleted pictures.

iPhone X Vulnerability Allows Hacking Deleted Pictures

At the recently ended Pwn2Own 2018 contest, two researchers demonstrated their hacking skills as they strived to win the contest. Yet, while doing so, they meddled with the iPhone X revealing an awkward hack. They allegedly discovered an iPhone X vulnerability that lets an attacker retrieve deleted files and photos.

The duo, Richard Zhu and Amat Cama, joined hands as fluoroacetate to discover the hack. As demonstrated, the hack simply involves exploiting the “recently deleted” feature in iPhone X. An iPhone retains any deleted file or picture for 30 days as “recently deleted”, after which, it disappears forever. After the 30-day time period, not even Apple stores the file (as claimed). However, during this time, the deleted files or photos remain vulnerable to being recovered.

The researchers exploited a vulnerability in the Apple Safari browser on a device running on iOS 12.1. Trend Micro’s Zero Day Initiative confirmed the hack in a tweet.

While the researchers retrieved a picture during the hack, the trick supposedly works to retrieve almost any deleted file.

Fix Maybe Coming

After the hackers presented details, Zero Day Initiative disclosed it in another tweet.

As per the contest rules, Apple has been reported of the vulnerability. Hence, we may expect a fix to mitigate the flaw soon. Until then, iPhone X users need to stay wary of any possible hacks until a fix arrives.

While the users may be a bit troubled after the discovery, the hack brought some good fortune for fluoroacetate. Successful demonstration of this flaw made them win $50,000 with 8 Master-of-Pwn points.

This vulnerability marks just another glitch in iOS 12.1 posing a security threat to the users. It hasn’t been a while that we came to know of a lock screen bypass by exploiting Group Facetime.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients