A hacker duo that goes by the name Fluoroacetate has managed to successfully show off an exploit to recover deleted photo or files from the iPhone X, running the latest iOS 12.1, during the Pwn2Own hacking contest in Tokyo, earning them a bounty of $50,000.
Demonstrating the hack on the show floor, Richard Zhu and Amat Cama showed off how you can connect to the target iPhone X via a malicious Wi-Fi access point and be able to exploit a vulnerability in Safari browser to get access to deleted files on the device.
First reported by Forbes, the hacker duo was able to use a just-in-time (JIT) compiler bug to gain direct access to the ‘Recently Deleted’ folder, which stores the photos you’ve deleted for the next 40 days before permanently deleting them if you want to get them back.
The hackers can use this particular vulnerability to get access to any file that’s processed using the just-in-time compiler and remains on disk even after being trashed by the user. This sounds scary, right? The duo was able to use this exploit for a sandbox escape and ultimately, helping the duo rake in a total of $215,000 in the form of bounty.
How to Protect Yourself from This Exploit?
Well, the simplest method to safeguard your deleted files, especially photos on last year’s iPhone X is to permanently delete them from the ‘Recently Deleted’ album folder instantly after deleting them from the library.
As for the security of other files, Apple has already been made aware of the bug and may have already working on patching the same via a future iOS update. Until then, we would suggest you do not connect to unknown Wi-Fi networks as malicious actors could be on a lookout for their next prey.
