• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
TechEngage®

TechEngage®

Technology news and opinions

  • Tech News
  • Reviews
  • How-to
  • Roundups
  • Science
    • Energy
    • Environment
    • Health
    • Space
  • Apps
  • More
    • Opinion
    • Noteworthy
    • Culture
    • Blockchain
      • Cryptocurrency
    • Events
    • Deals
    • Startups
      • Startup Submissions
  • Videos
TechEngage » News » Phones

iPhone X is reportedly vulnerable to hacks!

Avatar Of Nouman S Ghumman Nouman S Ghumman Updated: December 29, 2018

IPhone X
Via Unsplash

Just as Masas found a vulnerability in Facebook and got rewarded, the Fluoroacetate duo, Richard Zhu and Amat Cama earned $50,000 for finding a hack on iPhone X!

The Fluoroacetate duo found a hack that allowed them to catch a photo that was deleted from the device!

During a Pwn2Own contest in Tokyo, where hackers performed to locate bugs in iOS and Android, two hackers who teamed up as “Fluoroacetate” discovered a vulnerability in the iPhone X. Apple was informed of the bug as soon as the duo traced the scenario and demonstrated it. The duo found this bug on the latest iOS (12.1) and reported it according to the Pwn2Own rules.
The hack retrieved a photo that was deleted from the cell phone.
However, the image was accessed from the recently deleted folder. This recently deleted folder was accessed through a third party interaction which in the case mentioned above, was a malicious Wi-Fi access point. As per the Forbes report, the hack was capable of retrieving a lot more information than just a deleted image.
If we consider the iPhone X functionality, any picture that you delete prompts a message that tells that the picture would be deleted from both, the device and the iCloud storage. As soon as you proceed with “Delete,” the photo is deleted from the parent folder but remains in a recently deleted folder for about 30 days. This is the case if you have an iCloud storage. Otherwise, the picture is immediately deleted from both the parent folder as well as the recently deleted items.

Confirmed! The @fluoroacetate duo combined a bug in JIT with an Out-Of-Bounds Access to exfiltrate data from the iPhone. In the demo, they grabbed a previously deleted photo. In doing so, they earn themselves $50K and 8 Master of Pwn points. #P2OTokyo

— Zero Day Initiative (@thezdi) November 14, 2018


However, the duo found a way to access this recently deleted folder due to the vulnerability in the Just-in-time compiler used in iPhone. The Just-in-time compiler processes code as the program runs, which increases the device’s performance. It was learned that due to this vulnerability in the compiler any malicious, remote actor can access the information on the device. The Fluoroacetate duo used an image to demonstrate this scenario during the contest.
The bug is expected to resolve by the next update. Until then, the iPhone X remains vulnerable to attacks from malicious access points.
Wait for Apple’s next update. Until then, stay tuned!

This post was orginally published on: November 15, 2018 and was updated on: December 29, 2018.

Related Tags: Apple iPhone X

Related Stories

  • Everything Google Announced At Its Pixel Hardware Event

    Everything Google announced at its Pixel hardware event

  • Russian Crypto-Jacking Malware Can Extract Cryptocurrencies

    Russian crypto-jacking malware can extract cryptocurrencies

  • Everything Apple Announced At Its Iphone 12 Event

    Everything Apple announced at its iPhone 12 event

Avatar Of Nouman S Ghumman

Nouman S Ghumman

Vice President and Associate General Counsel

The writer holds an LLM degree in International Commercial Law from the City University of London. He is a Managing Partner at SG Advocates & Legal Consultants. He is also the Vice President and Associate General Counsel at TECHENGAGE. He can be reached at nouman@sgadvocates.com

Reader Interactions

Share Your Thoughts Cancel reply

Please read our comment policy before submitting your comment. Your email address will not be used or publish anywhere. You will only receive comment notifications if you opt to subscribe below.

Primary Sidebar

Become a contributor

We are accepting contributor applications. All applications will be decided in 3 days after applying. To learn more click here.
TechEngage-Apple-News
TechEngage-Google-News
Alternatives to Poco X3

Best alternatives to Poco X3 on Amazon in 2023

best gaming consoles

Best video game consoles to buy on Amazon in 2023

Recent Stories

  • 6 best treadmills on Amazon in 2023
  • Samsung unveils Galaxy S23 series with “made for Galaxy” Snapdragon processor
  • Netflix crackdown nears as streaming giant tightens password sharing rules
  • Best ad blockers for desktop in 2023
  • Top Slack Alternatives in 2023

Footer

Discover

  • About us
  • Newsroom
  • Staff
  • Advertise
  • Send us a tip
  • Startup Submission Questionnaire
  • Brand Kit
  • Contact us

Legal pages

  • Reviews Guarantee
  • Community Guidelines
  • Corrections Policy and Practice
  • Cookies Policy
  • Our Ethics
  • Disclaimer
  • GDPR Compliance
  • Privacy Policy
  • Terms and Conditions

Must reads

  • Best AirPods alternatives on Amazon
  • Best PC monitors for gaming on Amazon
  • Best family board games
  • Best Graphics Cards (GPUs) for gaming
  • Best video doorbells without subscription
  • Best handheld video game consoles
  • Best all-season tires for snow
  • Best mobile Wi-Fi hotspots
  • Best treadmills on Amazon
  • Best AM radios for long-distance reception

Download our apps

TechEngage-app-google-play-store

Copyright © 2023 · All Rights Reserved · TechEngage® is a Project of TechAbout LLC.
TechEngage® is a registered trademark in United Kingdom under Trademark Number UK00003417167 and is ISSN protected under the ISSN 2690-3776 and OCLC Number 1139335774.

Go to mobile version