A test version is a test version precisely because it almost certainly contains flaws, which testers are expected to find as they examine it. iOS 13 was no exception in this sense: it contained several serious vulnerabilities that allowed access to users' passwords and bank card data. By the release of the Golden Master version of the update these flaws had been corrected, but at least one new one appeared in their place.
Cybersecurity researcher Jose Rodriguez reported the existence of a vulnerability in iOS 13 whose exploitation allows access to the victim's entire contact list without entering a password or passing biometric recognition. The bug hides in VoiceOver, a screen reader that voices what is currently happening on the screen, and triggering it requires several actions performed in sequence.
Vulnerability: a flaw in an operating system or software that may compromise its integrity or cause it to work incorrectly. Typically, vulnerabilities are considered to be mistakes made by developers at the programming stage, but the term also covers weak passwords or a lack of adequate rules for storing them.
How to bypass the security of iOS 13
- First, you need to get the victim's iPhone running the iOS 13 Golden Master or an earlier beta build;
- Call it via FaceTime;
- Without answering the call, choose to reply with a message;
- Invoke Siri and ask it to turn VoiceOver on and then off;
- After that, access opens to the entire list of contacts stored in the iPhone's memory.
According to Rodriguez, he found the vulnerability at an early stage of iOS 13 testing and has already notified Apple of its existence. However, the researcher says, Cupertino still has not responded to his report and has not eliminated the bug, which continues to exist to this day. Perhaps the developers considered it minor, or they may have simply postponed the fix to the next versions of the OS. After all, it was unlikely to cause anyone real harm.
Although this really is a vulnerability that opens access to confidential information, exploiting it in real conditions is practically impossible. Even if an attacker manages to get hold of the victim's device, there is no guarantee that it will be running an affected version of iOS 13, not to mention that the attacker most likely will not have the victim's contact details needed to place the call. All this makes such attacks, if not impossible, at least difficult to carry out. In any case, personally I find it hard to imagine a person who would chase after a stranger's phone only to find out someone's phone number or email address.