iOS 12.1 Lockscreen Bypass Found, Lets Anyone Access Your Contacts Without a Passcode
The flaw in iOS 12.1 will give access to phone numbers, email addresses, and other contact information
Apple just released the latest iOS 12.1 mobile operating system for compatible iPhone, iPad, and iPod touch models globally. This update offers certain new features including Group FaceTime, Depth Control, several new emoji, and performance management tweaks. However, hours after the release, a lockscreen bypass was found that could allow anyone to access the entire contact list without entering the lock screen password. A fix for the flaw has not been issued by Apple yet.
Soon after the release of iOS 12.1, a video was posted to YouTube that shows how the lockscreen can be bypassed to access the contact list. According to the video, an attacker can make a call using Siri on the lock screen, convert it into a FaceTime call, and gain access to the Contacts list on the iPhone. This includes visibility of complete numbers, messaging app usernames, designations, company details, and email addresses (official and personal). The video also shows the user switching on Airplane Mode on the phone to enable unlimited access to the contact list. This is because the FaceTime call would not be able to connect without any network in such a situation. We were able to independently verify that the bypass indeed works, on our iPhone X running iOS 12.1.
Another bug earlier this month plagued certain Apple Watch Series 4 users in Australia. The change to Daylight Savings Time (DST) in the country resulted in reboot loops for the smartwatch, rendering it useless for several users. This bug was due to the Daylight Savings Time flaw in the new Infograph Activity complication.