New iPhone Password Bypass Bug Let Anyone Access to Private Photos

Recently, a Spanish amateur security researcher, Jose Rodriguez discovered a nasty bug in Apple's iOS 12 that lets anyone bypass iPhone’s passcode and gives physical access to private photos. The Bug also works on Apple’s latest iOS 12.0.1

Prior to this new vulnerability, a similar bug was also found on iOS 12 and that let attackers have access to an iPhone and see all the contacts and photos. However, the bug was fixed by Apple last week in its iOS 12.0.1 update release. And talking about this new bug, it still works perfectly on iOS 12.0.1.

According to Rodriguez, iPhone users are advised to disable access to Siri when your phone is locked to be on the safer side. And to do that, just head to ‘Settings’ and then ‘Touch ID & Passcode’.

This latest bug doesn’t need much of an effort to exploit. With some basic steps, anyone can gain access to your private photos on the phone. Here are the steps you can follow to carry out the passcode bypass process:

1. Make a call to the target phone. In case if you don’t know the phone number, don’t worry! You can just ask Siri to make a call to your phone.
2. Make sure you don’t pick the call. Instead, tap on ‘Messages’ and then ‘Custom’ to reply via text message and type any word on the text message box.
3. Next is — ask Siri to turn on VoiceOver.
4. Tap on Camera Icon.
5. Invoke Siri and double tap on the phone’s screen (at the same time).
6. And when the screen goes black, swipe your finger on the screen up to the top left corner and the VoiceOver will read aloud what you have selected. Keep swiping until you hear "Photo Library" read by VoiceOver.
7. Once you find Photo Library, double tap at that place to select and you will get back to the message screen. But instead of the keyboard, you’ll see a black space, which is actually an invisible photo library.
8. Swipe your finger again up to VoiceOver that reads aloud the characteristics of each photo.
9. Now, Double-tap on a photo and it will be added to the text box, which can now be sent to any number.