The bug, disclosed seven days ago, exposes contact details without requiring a passcode or biometric identification first.
Independent researcher Jose Rodriguez published a. It can be exploited by receiving a FaceTime call and then using the voiceover feature from Siri to access the contact list. From there, an unauthorised person could get names, phone numbers, email addresses, and any other information stored in the phone’s contacts list.
Apparently, there are people who are surprised that Apple knew about the bug when it shipped and did nothing about it.
“While the iPhone has suffered from much worse vulnerabilities—both the recent jailbreak bug regression and the host of actively exploited zeroday flaws it’s hard to understand why this one wasn’t fixed before iOS went live”, moaned one member of the tech press.
An Apple representative said that the bug would be fixed in iOS 13.1, scheduled for release on 24 September.