Apple’s new iPhone 11 and 11 Pro will reportedly ship with an iOS 13 security vulnerability, allegedly exposing contact details without first requiring a passcode or biometric identification.
Demonstrated in a video by independent researcher Jose Rodriguez, the weakness can be exploited by receiving a FaceTime call and then using the VoiceOver feature from Siri to access the contact list via the ‘reply by text message’ option.
The flaw was initially reported to Apple on 17 July for an Apple Security Bounty; however, Mr Rodriguez went public with his findings after he suspected Apple would not provide a fix before the iOS 13 release.
“With No Enter the Passcode you can See Contacts info. iOS 13 Feature. Read description please.” https://t.co/0HyWmukeLq
Will Apple change this feature before the release of iOS 13❔
— Jose Rodriguez (@VBarraquito) September 13, 2019
Apple is reportedly waiting for iOS 13.1 (scheduled for release 24 Sept.) to fix the issue, leaving pre-order customers with little way to protect their new phone until the update.
All iPhone models capable of running iOS 13 are expected to remain vulnerable until the new update.
Fortunately, users can work around the flaw by disabling the ‘reply with message’ lock screen feature, which is located in the Face ID & Passcode settings on the iPhone.
According to Inc.com, the security flaw has led the US Department of Defence (DOD) to email its employees and contractors “strongly encouraging” them not to upgrade their iPhones to iOS 13.
One saving grace is that the flaw does require physical access to the phone, meaning users are safe as long as they hold onto their new iPhone 11 or 11 Pro.