A new video posted by Jose Rodriguez, who has outed iOS glitches before, reveals a new passcode bypass vulnerability in iOS 12. This flaw can allow hackers to see photos and contacts on a locked Apple iPhone. Keep in mind that it is complicated and it takes quite a few operations to take advantage of the vulnerability. The iPhone being targeted must be in the hands of the hacker for this attack to work.
The operation requires the use of the VoiceOver feature, which reads out loud what is appearing on an iPhone's screen. It also requires the hacker to have a second phone, which is used to make a phone call and send a text message to the targeted iPhone. The bottom line is that an attacker can access an iPhone user's contacts and photos by bypassing the passcode screen.
This passcode bypass can be done on any iPhone running iOS 12, and it does not appear as though Apple patched this with the iOS 12.1 beta. However, vulnerable iPhone users can put a kibosh on this whole hack by blocking access to Siri from the lock screen. To do that, go to Settings > Face ID & Passcode and under the menu that reds "Allow access when locked," disable the Siri toggle. If you have an iPhone with Touch ID, go to Settings > Touch ID & Passcode and head to the "Allow access when locked menu" to disable the Siri toggle.
You can view the Passcode bypass in action by clicking on the video at the top of this article.