iOS 12.1 has a vulnerability that can give strangers access to your contact book

Apparently the vulnerability makes access someone’s contacts as simple as attempting a call using Siri.


On one hand, Apple has released the new MacBooks with the T2 Chips, which apparently keeps hackers and spies from being able to eavesdrop on your through your laptop’s microphones, on the other, iOS 12.1 has been hit by a nasty bug that allows full access to a device's contacts to other people.

This was first reported by YouTuber videosdebarraquito, who reveals that the Group FaceTime feature in iOS 12.1 is what holds the bug. Apparently, the ability to add up to 32 people to a FaceTime chat, even mid-conversation, can allow an attacker to access your contacts.

 iOS 12.1 has a vulnerability that can give strangers access to your contact book

Apple iOS 12. Image: Apple Website

Essentially, if on an iPhone or iPad the access to Siri on lock screen is turned on, which is usually the default setting on iOS, an attacker could simply start a regular voice call using Siri, which can then be transitioned to FaceTime via the call menu options. But that’s if and when the call goes to voicemail.

At that point, acting as if just adding participants to the FaceTime call, that could have access to a full list of contacts. Now of course, upfront, this list does not display specific information, like phone numbers and email addresses, however, if you force touch on an entry, a contextual menu with those details pops up, with no prompt for a passcode or any form of authentication.

While no case of anyone exploring the vulnerability has been reported yet, it is still a concerning oversight.


Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.