14 DAY TRIAL // Hacker group Fluoroacetate managed to break into the iPhone X at the Pwn2Own hacking contest in Tokyo using a vulnerability in Safari browser, and according to new details that were shared after the event, the bug can be used to gain unauthorized access to user files.
Richard Zhu and Amat Cama compromised an iPhone X running iOS 12.1, which is the latest version of Apple’s mobile operating system, and extracted data from the device, including a photo that was previously deleted.
The complex nature of the hack makes it highly unlikely to be used by other malicious actors out there, and the hackers have already reported the bug to Apple.
A patch is already on its way, the Cupertino-based company explains, though an ETA hasn’t been provided just yet.
Bug already reported to Apple
But as reported by Forbes, the method used to break into the iPhone can expose not only the available and deleted photos, but also other content on the device.
The JIT compiler was exploited with a crafted Wi-Fi access point, and hackers were able to extract file from the Recently Deleted folder where iPhones store photos that were removed by the user within the last 30 days. After this period expires, images are automatically deleted forever.
The two security researchers earned $50,000 for their finding, and according to the rules of the hacking contest, the bug was reported to Apple for patching.
As we reported earlier this week, iPhones weren’t the only ones compromised during the event. Samsung’s Galaxy S9, which is actually one of the top iPhone X rivals, also fell victim to the hackers, and so did the Xiaomi Mi6.
A potential fix for the found iPhone X exploit may be included in the next beta build of iOS 12.1.1 which Apple is expected to release in the coming weeks.