Hackers have discovered an exploit in iPhone X.
The two hackers received a prize of $50 000 for discovering vulnerabilities in the iPhone X that allows you to recover previously deleted photos or files.
Apple has been notified about the error, but it remains in the system, at least until the next iOS upgrade.
During cell competition, in which hackers looking for bugs in iOS and Android, Richard Zhu and Amat Kama discovered the vulnerability and presented it in the demo version.
Although the attack requires some access to the device, the researchers believe that it can be deployed using the access point Wi-Fi, putting it within reach of attackers.
When you delete a photo on iPhone X, iOS first offers you the “This photo will be removed from the photos to iCloud on all your devices” followed by button “Delete photo”. Then you will see the photo in the folder “Recently deleted”. You can then go into “Deleted items” to immediately delete the photo, otherwise it will be slow to leave after the expiration of 40 days.
However, the two hackers found a way to recover those recently deleted photographs. They found a vulnerability in the compiler “just in time” (JIT), which, as expected, treats the computer code when the program is run.
If the compiler is compromised, attackers can obtain the recently deleted files. Theoretically, any data processed by the JIT compiler, can be vulnerable to attack; the researchers simply used the photo as a proof of concept.
