Failure in iOS 12 allows stealing deleted images from an iPhone

A couple of hackers from the Fluoracetato group managed to recover a deleted photograph from the gallery of an iPhone X device, taking advantage of a vulnerability present in the iOS 12.1 operating system, which could be used by cybercriminals to steal images already deleted. Apple phones

The image was removed from the gallery 'Photos' and ended up located in the 'Deleted' folder, from where the duo of hackers was able to extract it, according to the French media Igen. To do this, they used a vulnerability present in the compiler at run time (JIT, according to its acronym in English) of Apple's Safari browser.

The two 'hackers' exploited this vulnerability of iPhone X in iOS version 12.1 during the Mobile Pwn2Own competition, an event in which different hackers have to 'exploit' a mobile through unknown vulnerabilities, in order to keep it as prize. This year, Mobile Pwn2Own was held on November 13 and 14 in Tokyo (Japan), framed within the PacSec cybersecurity conference.

The 'Deleted' folder collects the deleted documents from the phone gallery during the last thirty days, with the possibility of being restored by the owner of the phone, and once this time has passed, they disappear definitively. The two hackers were able to extract a photograph by using a public Wi-Fi network to which they connected.

Along with the iPhone X, hackers also successfully 'exploited' a Xiaomi Mi6, according to the Zero Day Initiative website, a global community of cybersecurity researchers whose members are responsible for discovering 'software' flaws of the type ' zero day 'on devices, which can be exploited by cybercriminals.

In the publication it has been described that, by means of technology of near field communication (NFC), the 'hackers' harmed the Xiaomi Mi6 and forced it to open the browser when using the function of 'touch to connect', and to navigate to through him.

In the Twitter account of Zero Day Initiative, all the vulnerabilities discovered by Fluoracetato have been pointed out, among which the recovery of a deleted image in Xiaomi Mi6 also stands out, although this time through a JavaScript failure in its web browser.

Along with this, Richard Zhu and Amat Cama, members of Fluoracetato, also managed to successfully perform a baseband attack on Samsung Galaxy S9 to cause an excess of data flow in a mound and thus gain unauthorized access to the terminal's memory and execute codes.

Date update on 2018-11-16. Date published on 2018-11-16. Category: iphone Author: Oscar olg Fuente: msn