Saturday, September 29, 2018

iOS 12.0 Security Bug Workarounds


One of my common themes is the difficulty of writing secure software in our ever more complicated coding times. [Detailed rant withheld.] Therefore, any code of substantial complexity is going to have bugs and the worst bugs are typically security holes. The computer security community gradually adjusts to increased code complexity through new processes of complex code scrutiny. Here are a couple excellent examples along with, thankfully, a couple convenient workarounds. I've added relevant screenshots below:

Complex iOS passcode bypasses grant access to iPhone Contacts and Photos
By Mikey Campbell @appleinsider
Friday, September 28, 2018
A pair of extremely involved passcode bypasses discovered in Apple's latest iOS 12 can grant attackers access to Contacts and Photo data on a user's iPhone, including models protected by Face ID. . . .
Apple has yet to address the vulnerabilities in the latest iOS 12.1 beta. Concerned users can minimize exposure to the apparent bugs by disabling Siri lock screen access in Settings > Face ID & Passcode or Settings > Touch ID & Passcode under the "Allow access when locked" heading. The second attack can be thwarted by enabling password protection for Notes by navigating to Settings > Notes > Password

Please read through Mikey Campbell's article before enacting the workarounds in order to understand what you're changing in iOS 12. Turning off Siri at the lock screen may not cause problems. However, creating and having to use a password for your Notes may create inconvenience. It's the usual theme of security vs. convenience.