A hacker duo that goes by the name Fluoroacetate has successfully demonstrated an exploit that recovers deleted photos or files from an iPhone X running the latest iOS 12.1 during the Pwn2Own hacking contest in Tokyo, which earned them a whopping $50,000.
While demonstrating the hack on the show floor, Amat Cama and Richard Zhu showed how the target iPhone X can be reached through a malicious Wi-Fi access point and how a flaw in the Safari browser can then be exploited to get access to deleted files on the device.
As first reported by Forbes, the duo used a just-in-time (JIT) compiler bug to gain direct entry to the ‘Recently Deleted’ folder, which stores the photos you have deleted for the next 40 days before permanently erasing them, in case you want them back.
The hackers can also use this vulnerability to get access to any file that is processed using the JIT compiler and remains on disk even after the user has trashed it. This sounds scary, and it shows that deleted files are not safely gone and can be grabbed by the wrong person. The duo also used this exploit for a sandbox escape, ultimately helping them take in a total of $215,000 in bounties.
How can you protect yourself from this exploit?
The most natural step is to safeguard your deleted files, especially image files, on last year’s iPhone X. I advise deleting the data from the ‘Recently Deleted’ album immediately after you have removed it from the library.
As for the security of other files, Apple has been made aware of the vulnerability and is already working on a patch to take care of the bug, but it will arrive through a future iOS update. Until then, we suggest you don’t connect to a Wi-Fi network you don’t trust, as malicious actors could be on the watch for their next prey.