A major security issue has been discovered in iOS 15. The flaw concerns access to user notes, accessible through a vulnerability in the VoiceOver feature.
It was cybersecurity researcher Jose Rodriguez who exposed the problem on Twitter. He clarified that the flaw was also present on iOS 14.8 as well as in the pre-launch version of iOS 15, reports Phonandroid. It would therefore be possible to access the notes of an iPhone, without having to unlock it.
An expected update
In a video, Jose Rodriguez activates VoiceOver thanks to Siri. Once in the control center of the iPhone, he can access the notes, but no content is revealed. However, thanks to a new opening of the control center, then by accessing the stopwatch, the researcher manages with a few manipulations to the previously opened Notes application.
It is then possible to read all the content, select it and even copy / paste it. The notes can then be messageed to someone calling or writing to the hacked smartphone.
This flaw should quickly be corrected by Apple, which should offer a security update. The latest proposed update fixed another security flaw, which allowed code to be executed on a user’s device.