O'Grady's PowerPage

Tag: Jose Rodriguez

  • Group FaceTime bug located in iOS 12.1, could allow full viewing of locked iPhone’s contact information

    This is a bit of a mess.

    A bug has been discovered in the newly-released iOS 12.1 operating system in which Group FaceTime calls can allow a hacker to access the details of a contact stored on an iPhone, without needing to unlock the device.

    The public release of iOS 12.1 allowed iPhone and iPad users to make Group FaceTime calls, which extends the existing FaceTime functionality to allow up to 32 callers to take part in a video conference. While the change increases the caller limit from two, the mechanism to add contacts also appears to be susceptible to abuse, including when the iPhone itself is locked.

    The exploit was discovered by security researcher Jose Rodriguez, who offered the following demonstration of the hack:
    (more…)

  • Apple releases server-side patch to Siri bug allowing access to photos, contacts under iOS 9.3.1

    ios9logo2

    A Siri-based vulnerability that allowed access to a user’s photos and contacts under the right conditions under iOS 9.3.1 has been patched server-side by Apple.

    Shared recently by Jose Rodriguez, the vulnerability used Siri’s ability to access Twitter to find an email link or phone number, which could be pressed to open up an editable list of contacts even on a device that was locked. Through access to contacts, a user’s full photo library was also visible.

    The vulnerability relied on Siri to perform a Twitter search and could give direct access to photos and contacts/ The method appears to have been disabled on all devices as of today.

    (more…)

  • Security hole in iOS 9.3.1 could offer access passcode-free access to photos, contacts under certain conditions

    ios9logo2

    If you’re running iOS 9.3.1 and gave Siri access to your Twitter information as well as yourContacts or Photos, this is something worth looking into.

    A video surfaced online yesterday purporting to show a vulnerability in iOS 9.3.1 that allows anyone to access photos and contacts on a locked iPhone without having to enter a passcode.

    The YouTube video, uploaded by Jose Rodriguez, depicts a user performing a Siri search followed by a series of relatively simple steps, one of which involves 3D Touch, limiting the exploit to iPhone 6s and 6s Plus devices.

    (more…)