A glitch in iOS 13, the new operating system for Apple iPhones which was released on Thursday breaches privacy and shares contacts bypassing biometric identification or passcode. This flaw is believed to be known to Apple since July as per the statement of an individual who had brought the flaw to the notice of Apple. The statement was made to CNN Business.
Jose Rodriguez, is the name of the cyber-security enthusiast who had got in touch with Apple with regard to the bug and checking his eligibility claim for an Apple Security Bounty- a reward program for security researchers who make such bugs known to the company.
During the series of talks which followed after the disclosure of the flaw, the researcher explained the susceptibility of the software’s beta version to hackers to the company. He revealed that physical accessibility to the target’s phone was all that was needed by the hacker to do his job. The hacker could get into the address book of the phone and obtain contact data of the target and also his latest contact list. The standard security features of Apple such as Facial I.D. could be easily sidestepped, he disclosed.
Rodriguez brought his findings into public limelight after fearing inaction on Apple’s part in the matter before the iOS 13 was released to its customers. Email copies and records of correspondences over phone with the tech giant were provided to CNN Business by Rodriguez.
CNN Business duplicated the exploit on the officially updated version of iPhones on Tuesday. Apple disclosed that their next version, iOS 13.1 would contain the exploit fix. The next version is scheduled for a 24th September release.
The earlier release date was slated to be 30th September which was preponed, whether it was due to the discovery made by Rodriguez or otherwise is not known. The company refused to comment on this matter.