Yet another complicated lock screen bypass for Apple to patch




As long as the lock screen is responsible for providing both security and convenience, we will continue to find cases where the latter compromises the former. That the compromises being found are increasingly complex and almost obscure is a good thing. Case in point: the latest one, on iOS 12 for devices up to and including iPhone X and iPhone X Max.

From MacRumors:

With physical access to the locked device, the attacker first asks Siri to turn on VoiceOver, puts the device to sleep with the side button, and then calls the iPhone using another device. Once the call screen is displayed, the attacker clicks the Message button, chooses to create a custom message, and then clicks the plus (+) icon in the upper right.

Then, on the other phone, the attacker sends an SMS or an iMessage to the target iPhone, whose screen is then touched twice when the notification of the message is displayed. This causes strange behavior in the user interface because it highlights the icon further below.

After a short wait, the screen turns white and the notification disappears, but the VoiceOver text selection box is apparently still usable and can now be used to access the Messages interface. After several screen scans, VoiceOver says "Cancel", which brings up the original Messages screen.

Adding a new recipient to the message and selecting a number from the virtual keyboard will then reveal a list of recently dialed or received phone numbers and contacts. In addition, if one of the numbers or contacts includes an information button ("i"), turning off VoiceOver and pressing the button displays the contact information. Running a 3D Touch action on the contact also opens call and message options, as well as options for Add to existing contact or Create new contact.

There is a similar one for photos. Since an attacker would need physical access to a device to even attempt to trigger the exploit, and disabling Siri on the lock screen prevents it from happening completely, most people should not worry at the moment. We just need to wait for Apple to include the fix in the next update, as always.

Click on the link above for the full story and video.
