- Click to share on Facebook (Opens in a new window)
- Click to share on Twitter (Opens in a new window)
- Click here to share on LinkedIn (Opens in a new window)
- Click to email a friend (Opens in a new window)
New York (CNN Business) - A flaw in iOS 13, the new iPhone operating system released by Apple on Thursday, exposes the contact data stored on those devices without requiring an access code or biometric identification. And Apple knew about the fault since July, a person who reported the error to the company told CNN Business.
A hacker would need physical access to the phone in question to complete the hacking, but once in his possession, he could circumvent Apple's standard security measures, such as facial recognition. Once done, you could access the address book and view contact information stored in the phone, as well as indications of the most recent contacts with whom the phone owner has been in communication.
José Rodríguez, a cybersecurity enthusiast, who lives in the Canary Islands, contacted Apple on July 3 and said he had found a “password bypass” and asked if his findings would be eligible for the Apple Security Bounty, a program which rewards those who alert the company to failures.
(Photo by Andrew Burton / Getty Images)
Apple immediately followed up on Rodriguez's alert and company personnel made several calls with the investigator during which he guided them through the vulnerability in a beta version of the software, Rodriguez said.
Rodríguez provided CNN Business with copies of emails and telephone records of its correspondence with Apple.
Suspecting that Apple might not fix the fault before launching the new operating system, last week, Rodriguez made his findings public.
CNN Business was able to replicate the bug Tuesday on iPhones that had been updated to the official version of iOS 13.
Apple confirmed that the fault Rodriguez identified would be fixed in the next version of the operating system, iOS 13.1, which is due to be released on September 24.
Previously, the company had anticipated the release date of that update, originally announced on September 30. The company declined to confirm if Rodriguez's discovery had caused the date to advance.
IOSApple Updates
