Apple’s iOs 13, the new iPhone operating system was on Thursday released by Apple with a flaw which exposes contact details stored in iPhones without requiring a passcode or biometric identification.
According to a source who reported the bug to Apple, the tech company has known about the flaw since July.
A hacker would need physical access to a target’s phone to complete the hack, but once it is in their possession they could bypass Apple’s standard security features like facial I.D. Once they have done so, they can access the phone’s address book and see information for contacts stored on the phone, as well as indications of the most recent contacts with whom the phone’s owner had been communicating.
Jose Rodriguez, a cyber-security enthusiast, living in the Canary Islands, contacted Apple on July 3rd suggesting that he had found a “passcode bypass” and asked if his findings would be eligible for an Apple Security Bounty, a program that rewards security researchers who bring bugs to Apple’s attention.
Apple promptly followed-up on Rodriguez’s tip and the company’s staff had several calls with the researcher during which he walked them through the vulnerability on a beta version of the software, Rodriguez said.
He provided copies of the emails and phone records of his correspondences with Apple to CNN.
Suspecting Apple might not fix the flaw before releasing the new operating system to its customers, Rodriguez last week went public with his findings.