Apple’s IOS 12.1 update doesn’t just bring CPU throttling to the iPhone 8 and iPhone X, but also comes with a security flaw that allows the lockscreen to be bypassed and provides access to all the contacts on the phone.
Security boffins discovered the bypass and posted a video of it on YouTube demonstrating how the lockscreen’s passcode could be bypassed by using the new FaceTime group calling feature.
It involves turning on airplane mode at the right moment and having physical access to an iPhone running iOS 12.1 – the exploit doesn’t work on another version of iOS, but it does look fairly straightforward to exploit and gain access to the contacts on the handset.
The exploit is pretty similar to another one found in iOS 12.0.1 which with a bit of adept timing could allow access to an iPhone’s photos.
Again, direct access was needed to bring the exploit to bear, so one could argue that if you leave you’re iPhone lying around and out of your sight you’re asking for such problems.
That being said, if you have your iPhone snatched out of your hands, by say some opportunistic thief on a bicycle, the exploit could be used by said thief to peruse your contacts and potentially cause all manner of havoc with that information.
This isn’t good news if you’ve just dropped a grand plus on a swish new iPhone XS. But we suspect Apple will patch out the problem pretty sharply, but if you’re an iPhone user we’d suggest you make sure it doesn’t fall into the wrong hands.
Apple doesn’t seem to have a great history of making lockscreens that are pretty secure, as there have been plenty of instances in the past where said screen can be bypassed, sometimes fairly easily and at other times requiring some long-winded techniques.