A new bug discovered in iOS 13 has a major privacy flaw. The bug was first reported by Jose Rodriguez, who reported the issue to Apple in July, but the bug still works on the Gold Master (GM) version of iOS 13, which is expected to be released on September 19.
The Verge reports that this new bug allows users to exploit an issue with the lockscreen, allowing them to bypass having to unlock their phone and access the full list of Contacts on the phone, as well as the details for each individual contact — that includes the names, phone numbers, emails, etc.
Rodriguez shared a video demoing the exploit in action, and it seems to use a FaceTime call to activate VoiceOver, and then using Siri to get access to the Contacts list:
The exploit was confirmed to be working in the iOS 13.0 GM release, but Apple seems to have addressed the issue in iOS 13.1 betas, which is expected to arrive for the public on September 30.
The exploit would require physical access to a phone, but it is still a major security flaw in iOS that puts your privacy at risk. This also wouldn’t be the first time in the recent months where Apple has shipped versions of iOS with major privacy flaws.