Bug in New iOS Lets Attacker Access iPhone Pics

A new vulnerability discovered in Apple’s latest iOS, 12.0.1, released last week, allows an attacker with physical access to an iPhone entry into photos on a locked phone, according to Jose Rodriguez, a Spanish security researcher. While the bypass bug, reported by The Hacker News, does require that an attacker have physical access to an iPhone, an attacker could still access the photo albums and send selected pictures using Apple Messages even if the phone is locked. Rodriguez reported the bug and provided a proof-of-concept video via YouTube in which he demonstrated various steps of the attack, which starts with an incoming call to the targeted iPhone. After tapping the "message" option on the iOS call screen, Rodriguez selected the "custom" option, which then displayed the Messages user interface, at which point he entered random letters before calling on Siri to activate VoiceOver.