
A new iPhone lockscreen exploit has been discovered in iOS 12.1

Apple may have only released the iOS 12.1 update this week, but researchers have already discovered a security flaw that could allow anyone to access contacts on a locked iPhone.

Spanish security expert Jose Rodriguez was the first to spot the exploit (via Hacker News), and did so a matter of hours after the release of the software update.


The issue, it appears, lies within Group FaceTime, which was introduced to the iPhone with the latest version of iOS and lets you video call up to 32 people at once.

An attacker, it should be noted, would need physical access to the target iPhone.

To trigger the exploit, they would first need to call the target iPhone from another iPhone. Then, on the target iPhone, they can simply tap the FaceTime icon, then hit ‘Add Person’ and the + icon.

Doing this opens up access to the target iPhone’s entire contacts list, and an attacker can view more information about individual contacts with the aid of 3D Touch.

The video embedded below shows the hack in action.

According to Hacker News, the exploit works on all iPhone models, including the iPhone X, iPhone XS and iPhone XS Max, running iOS 12.1.

The iPhone 5S, iPhone SE, iPhone 6, iPhone 6 Plus, iPhone 6S, iPhone 6S Plus, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus and iPhone XR are also eligible for the update.


Unfortunately, iPhone users will have to wait for Apple to issue a patch before they’re safe again. For now, the best thing you can do to protect yourself is not leave your iPhone lying around.
