Winning a prize of $50,000, two hackers have found a bug in iPhone X that allows you to recover your recently deleted photos or file. The exploit was discovered during a mobile contest where hackers locate bugs in iOS and Android. Richard Zhu and Amat Cama unveiled the vulnerability there and also presented it in a demo. As of now, Apple was notified about the bug but it will remain accessible until the next iOS update.
The exploit needs some access to the target device, but researchers think that it can be deployed through a malicious Wi-Fi access point, putting it within reach for many attackers.
Usually, when you delete a photo from your iPhone it transfers to “Recently Deleted Images”. From there, it is erased after 40 days automatically. If you want to delete it immediately, you have to once again delete the file from “Recently Deleted Images”.
The two hackers found a way for the remote actors to recover these Recently Deleted Photos. They have found a vulnerability in the just-in-time (JIT) compiler -a program that processes computer code as a program runs. It is possible to retrieve the recently deleted files if the compiler is compromised. That makes any data processed by JIT compiler vulnerable to attack. Researchers simply used the photo for a proof.
So far, there is no word from Apple.