An exploit has been discovered by two security researchers that allows hacking an iPhone X opening up access to a photo that was deleted from the device. Apple has already been notified of the flaw, and is working on a fix.
As first reported by Forbes, hackers Richard Zhu and Amat Cama teamed up and discovered the hole that allowed access to deleted files on iOS devices running iOS 12. This is due to a weakness in the current public version of the Safari browser.
As per the Mobile Pwn2Own contest in Tokyo, Apple has been informed and the hackers were able to walk away with $50,000.
The hack would allow recovering more than just photos. The flaw that allows the hack is in the browser’s just-in-time compiler. Vulnerabilities in software like this are common in all operating systems, and it’s a continuous battle to keep the security holes plugged.
While the hackers were able to exploit the JIT compiler flaw with a malicious access point, the iPhone wasn’t the only victim, as they were also able to exploit a similar flaw in the Android OS on a Samsung Galaxy S9 and a Xiaomi Mi6.
Apple is expected to have the security flaw patched in an upcoming iOS 12 update.