Forbes reports that two hackers came together to find this unique vulnerability in the Safari browser on Apple devices running iOS 12.1. However, the attack might not be limited to just photos. During the setup of the concerned iPhone,
a photo had been deleted and remained on the disk. As it was the first
file that the hackers found on the disk, it was used for the
vulnerability demo. Thus, ios 12.1 might have some undiscovered loopholes, as this one one has been unmasked.
The two hackers, whose names are Richard Zhu and Amat Cama have earned themselves $50,000 for the attempted and successful hack of an iPhone
X that allowed them to grab a photo that was supposed to have been
deleted from the device. Right now, as Zhu and Cama proved, it’s possible for remote attackers to
get access to the “recently deleted” photos. And the vulnerabilities
that allowed them to do that will remain open until Apple issues
The report goes on to explain that the bug was
part of the JIT (just-in-time) compiler which is designed to make the
iPhone faster by speeding up computer code compilation. In a “coffee
shop scenario”, the two hackers managed to exploit this JIT compiler
using an attack via a malicious Wi-Fi access point.
has been informed about this bug, it hasn’t yet issued a resolution. The
tech giant hasn’t even released a statement yet, but we can expect that
to happen soon given the popularity of this event.