Slashdot reader dryriver writes:

A security researcher discovered that if you get your hands on someone else’s iThing running iOS 13, and place a phone call to it, you can choose to respond with a TXT message, and get to see the contents of the address book on the iThing without actually getting past the lock screen…

The security researcher who found the flaw was not financially rewarded or acknowledged by Apple, but rather given the cold shoulder.

The security researcher says all he’d wanted was a $1 Apple Store card to keep as a trophy, according to The Register:

The procedure, demonstrated below in a video, involves receiving a call and opting to respond with a text message, and then changing the “to” field of the message, which can be accomplished via voice-over. The “to” field pulls up the owner’s contacts list, thus giving an unauthorized miscreant the ability to crawl through the address book without ever needing to actually unlock the phone.

They also report that while the insecure-lock-screen iOS 13 will be officially released on September 19, a fixed version, iOS 13.1, “is due to land on September 30.”

Source: Slashdot