Two hackers receive a $ 50.000 reward for finding errors that allow access to iPhone X, and which allows you to recover a previously deleted photo or file. During a mobile contest where hackers spotted bugs on the iOS and Android, two hackers Richard Zhu e Amat Bed discovered the vulnerability and presented it in a demonstration.
So far, the Apple Lossless Audio CODEC (ALAC), has been notified of the bug, but remains accessible at least until the next iOS update, as first reported by our source. While the attack requires some access to the target device, the researchers believe it can be deployed via an access point Wi-Fi malicious, putting it within the reach of many invaders.
When the user deletes a photo on iPhone X, iOS first asks “This photo will be deleted from iCloud Photos on all your devices“, Accompanied by a button Delete photo. After doing this, the user will see the photo in the “Recently Deleted”(It will be deleted immediately if you have no more iCloud storage). Afterwards, the user can then go to the folder Recently deleted, in order to delete the photo immediately, otherwise it will be slowly deleted after 40 days have expired.
However, the two hackers have figured out a way for remote actors to retrieve these recently deleted photos. Both found a vulnerability in the compiler just-in-time (JIT), which supposedly processes the computer code while a program is running, hence the name. If the compiler is compromised, it is possible that the invaders will recover the recently deleted files. In theory, any data processed by the JIT compiler could be vulnerable to attack; The researchers simply used a photo as proof of concept.
