A flaw in iOS 13 can expose your contact details, and Apple’s known about the problem since July

Sep 19, 2019, 5:07 PM
AP Photo/Marcio Jose Sanchez, File...
AP Photo/Marcio Jose Sanchez, File

(CNN) — A flaw in iOS 13, the new iPhone operating system Apple released Thursday, exposes contact details stored in iPhones without requiring a passcode or biometric identification. And Apple has known about the flaw since July, a person who reported the bug to Apple told CNN Business.

A hacker would need physical access to a target’s phone to complete the hack — but once it is in their possession they could bypass Apple’s standard security features like facial I.D. Once they have done so, they can access the phone’s address book and see information for contacts stored on the phone, as well as indications of the most recent contacts with whom the phone’s owner had been communicating.

Jose Rodriguez, a cybersecurity enthusiast, living in the Canary Islands, contacted Apple on July 3rd suggesting that he had found a “passcode bypass” and asked if his findings would be eligible for an Apple Security Bounty — a program that rewards security researchers who bring bugs to Apple’s attention.

Apple promptly followed-up on Rodriguez’s tip and company staff had several calls with the researcher during which he walked them through the vulnerability on a beta version of the software, Rodriguez said.

Rodriguez provided copies of the emails and phone records of his correspondences with Apple to CNN Business.

Suspecting Apple might not fix the flaw before releasing the new operating system to its customers, Rodriguez last week went public with his findings.

CNN Business was able to replicate the exploit on Tuesday on iPhones that had updated to the official version of iOS 13.

Apple confirmed that the exploit Rodriguez identified would be fixed in the next version of the operating system, iOS 13.1, which is due to be released on September 24th.

The company previously moved the release date for that update forward from September 30th. The company declined to say if Rodriguez’s discovery had prompted the early release.

The-CNN-Wire
™ & © 2019 Cable News Network, Inc., a Time Warner Company. All rights reserved.

Today’s Top Stories

A surface-to-surface missile is fired into the sea off the east coast in this handout picture provi...
Yoonjung Seo, Caitlin Hu, Eric Cheung and Brad Lendon, CNN

US and South Korea test-fire missiles in continued response after North Korea launch

In response to a recent test missile launch by North Korea, the US and South Korea launched four missiles off the Korean Peninsula Wednesday morning.
6 hours ago
Deputies with the Duchesne County Sheriff's Office are investigating a new scam to hit the area and...
Mark Jones

New scam in Duchesne County includes threat on life of a family member

Authorities in Duchesne County are warning people to be on the lookout for a new scam in which a caller threatens to kill a family member if certain financial information isn't provided.
1 day ago
Gov. Spencer Cox appointed John D. Luthy to the Utah State Court of Appeals on Tuesday....
Mark Jones

Gov. Cox appoints John Luthy to the Utah State Court of Appeals

Cache County Attorney John Luthy has been appointed by Gov. Spencer Cox to serve on the Utah State Court of Appeals. Luthy has been practicing law since 2003.
1 day ago
Police in Tooele are looking for an armed robbery suspect that forced three schools into lockdown o...
Mark Jones

Three schools in Tooele went into lockdown Tuesday afternoon

An armed robbery suspect caused three schools in Tooele to go into lockdown on Tuesday afternoon. The lockdown was lifted at the end of the school day. The suspect is still being sought.
1 day ago
Dr. Martin W. Bates was unanimously voted by the Salt Lake City Board of Education to serve as the ...
Mark Jones

Interim superintendent is named for Salt Lake City School District

After the departure of Dr. Timothy Gadson as superintendent, Bates agreed to come out of retirement to serve as the interim superintendent.
1 day ago
Utah Senate candidate Evan McMullin is taking a political action committee and three television sta...
Michael Houck, KSLTV.com

Evan McMullin sues super PAC, three Utah news stations for defamatory ad

Utah Senate candidate Evan McMullin (I) is taking a political action committee and three television stations to court for a defamatory ad.
1 day ago

Sponsored Articles

Young woman receiving laser treatment...
Form Derm Spa

How facial plastic surgery and skincare are joining forces

Facial plastic surgery is not only about looking good but about feeling good too. The medical team at Form Spa are trained to help you reach your aesthetic outcomes through surgery and through skincare and dermatology, too.
large group of friends tohether in a park having fun...
BYU MBA at the Marriott School of Business

What differentiates BYU’s MBA program from other MBA programs

Commitment to service is at the heart of BYU’s MBA program, which makes it stand out among other MBA programs across the country.
a worker with a drill in an orange helmet installs a door in the house...
Price's Guaranteed Doors

Home improvement tip: Increase the value of your home by weatherproofing doors

Make sure your home is comfortable before the winter! Seasonal maintenance keeps your home up to date. Read our tips on weatherproofing doors.
Curb Appeal...
Price's Guaranteed Doors

How to have the best of both worlds for your house | Home security and curb appeal

Protect your home and improve its curb appeal with the latest security solutions like beautiful garage doors and increased security systems.
A paper reading IRS, internal revenue service is pictured...
Jordan Wilcox

The best strategies for dealing with IRS tax harassment | You have options!

Learn how to deal with IRS tax harassment. This guide will teach you how to stop IRS phone calls and letters, and how to handle an IRS audit.
spend a day at Bear Lake...
Bear Lake Convention and Visitors Bureau

You’ll love spending the day at Bear Lake | How to spend a day at Bear Lake

Bear Lake is a place that needs to be experienced. Spend a day at Bear Lake.
A flaw in iOS 13 can expose your contact details, and Apple’s known about the problem since July