A new security flaw has been found in iOS 12.1 that allows an iPhone lockscreen to be bypassed to access a user’s iOS Contacts without requiring authentication, The Verge reports. The exploit provides access to all of the contact information on an iPhone after activating a FaceTime call and accessing the new Group FaceTime feature to add another contact to the call.
The exploit only works on iOS 12.1, since it relies on the Group FaceTime feature that was introduced in that version, and while it also requires physical access to the device, as The Verge notes it can still be a serious problem for victims of domestic abuse. While Apple will presumably work to close this security hole fairly quickly, the flaw it still present in yesterday’s release of the first iOS 12.1.1 beta as well, so it’s unclear when a fix will be pushed out.
.
