The vulnerability was demonstrated at the contest for security Mobile Pwn2Own in Tokyo. A Duo of hackers, Richard Zhu and Amat Kama – managed to win the main prize of 50 thousand dollars.
The attack was subjected to X iPhone running on iOS 12.1. Through a hole in the Safari browser, which is traditionally the weak point of “Apple” products, and a specially configured access point Wi-Fi hackers have managed to go to a special section of the drive, where for 30 days stored deleted photos. With the help of vulnerabilities in code dynamic JIT compiler they managed to recover.
The hackers claim to have notified Apple about the found vulnerabilities, but the company has not followed any reaction.
Also in the competition Zhu and Kama showed the methods of such manipulation Android devices for example, the apparatus Xiaomi Mi 6 and Samsung Galaxy S9. In the end, the Chinese Duo was awarded the title “Master of hacking” and paid a large cash prize.