Spanish hacker Jose Rodriguez who has the channel videosdebarraquito, on YouTube has just unveiled a new yet unpatched complex vulnerability in iOS 12, which can give users access to contacts and photos even with the Touch / Face ID protected iPhone.
As the two videos below show, the process is very boring and depends on the accessibility system. VoiceOver be enabled and disabled by Crab multiple times. Moreover, even after access to the photos themselves in total.
As you can see, in addition to the bad guy having to have the victim's iPhone in his hands, he needs to have Siri enabled on the locked screen and he still needs another iPhone to make a call and send a message to what is being hacked. .
This same hacker has in the past reported other similar holes that were later fixed by Apple. Most likely, the fix in this case should come from iOS 12.1 (whose first beta remains vulnerable to that) or perhaps a 12.0.1 of life that could be made available to users faster.