Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security
Group FaceTime for iOS exposes users’ full contact info
A researcher has apparently found a way to exploit the new Group FaceTime feature in iOS 12.1 in order to access iPhone users' contact information.The Hacker News has reported that Spanish researcher Jose Rodriguez made the discovery just hours after the release of version 12.1 last Oct. 31, and subsequently created a video of his technique, which he posted online.The "hack" works by calling one person's iPhone from another iPhone, then upon connection launching the FaceTime video call option and selecting "Add Person" from the menu. Doing so will reveal to the attacker the other phone's full contact list. Using the 3D Touch option on each contact reveals even more information.The Hacker News reports that Rodriguez has previously uncovered other iPhone passcode bypass hacks, including two that leverage Siri and the VoiceOver screen reader in iOS versions 12 and 12.0.1, respectively. Apple's last update to iOS version 12.1 included fixes to 32 vulnerabilities found in a number of features and components, including AppleAVD, Contacts, CoreCrypto, FaceTime, the Graphics Driver, ICU, IOHIDFamily, IPSec, the Kernel, Messages, NetworkExtension, Notes, Safari Reader, Security, VoiceOver, WebKit and WiFi. However, a new update to address this apparent oversight in FaceTime may soon be in order.SC Media has contacted Apple for comment.
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds