A hacker duo has successfully been able to retrieve deleted photos or files from the iPhone X during the Pwn2Own hacking contest in Tokyo.
The hackers Richard Zhu and Amat Cama teamed up as Fluoroacetate at an event to find a vulnerability in iOS and Android devices. They connected to exploit the weakness in the Safari browser which is running on the latest iOS (12.1) device.
They show off the vulnerability by connecting the device to a malicious Wi-Fi access point and exploited a vulnerability in a just-in-time (JIT) compiler-- these are programs that translate computer code while a program is running, rather than before.
The bug in JIT let attackers gain direct access to the ‘Recently Deleted’ folder, it stores deleted files and photos for up to 40 days before permanently deleting it from the device.
This vulnerability earned them whooping $50,000.
Apple has been informed about the bug, but they have not patched the vulnerability.