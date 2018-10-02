“A YouTube video posted last week alleges that it’s possible to bypass the lock screen of an iPhone running iOS 12 without knowing the password, and access both contacts and photos,” Stan Schroeder writes for Mashable.

“The process, discovered by security researcher Jose Rodriguez, is a bit convoluted and requires invoking Siri to enable Voiceover, then sending a text message from another phone to the iPhone,” Schroeder writes. “Then, a double-tap at the right moment grants you access to features and commands you shouldn’t be able to access, invisible behind a white screen but still accessible by swiping across the screen. One of these then enables you to access the phone’s contacts, while a more complicated hack (but also doable without any special equipment or expert knowledge) lets you access photos on the phone. ”

“The original video, in Spanish, shows the trick working on what looks like the iPhone 8, but the same technique was recreated on an iPhone XS Max in another (English) video by EverythingApplePro, below,” Schroeder writes. “Apparently, the bug is present in iOS 12 (and the iOS 12.1 beta) and works on all Apple devices that can run it.”

MacDailyNews Take: Another embarrassing lapse from Apple’s quality assurance team that we expect will quickly grab the attention of higher ups and get fixed post haste via iOS update. Would that it never were, but ’tis, so thanks to Jose Rodriguez who found and publicly announced it (better than keeping it to himself or selling it, but worse than going to Apple with it privately), so Cupertino’s iOS team could fix it! NakedSecurity‘s John E Dunn writes that “anyone wanting to exploit the weakness would need physical access to the device, plenty of time, and step-by-step instructions” and reminds users that “the bypass can be mitigated by disabling Siri’s lock screen access: Settings > Face ID & Passcode or Settings > Touch ID & Passcode > disable Allow access when locked.”