Apple iPhone 11, iPhone 11 Pro and iPhone 11 Pro Max are currently available for pre-orders. All of the devices will ship with iOS 13, which currently has a confirmed security vulnerability that allows attackers to access the contact information on the device.
According to a security researcher, Jose Rodriguez, it is possible to bypass lock screen protection in iOS 13 and attackers can access contact information from the target iPhones.
To use this exploit to gain access to your phone, the attacker needs to have physical access to your iPhone. And even if the attacker is able to gain access to your iPhone, he needs to still make a call or FaceTime session from another phone along with a number of relatively complex series of responses. For this, the attacker needs access to your phone for a few minutes.
According to a report by Apple Insider, “Once the call is placed, the call recipient must opt to respond with a custom message rather than answer the call.” However, during this VoiceOver using Siri has to be turned on and off again from the message screen. After which the attacker needs to add to the contact field, which allows them to see the contact information of any contact in the phone.
According to The Register, users for now can disable the reply with message feature on the device. To do this users need to head to the device’s Face ID & Passcode settings and then in the allow access when locked section they need to disable the option.
In the report The Register states that Apple will fix the issue in the iOS 13.1 update, which will release on September 30, however, that means iOS 13 will still be vulnerable to this attack.