A contacts exploit was discovered in iOS 13 that lets a person bypass Face ID / Touch ID to see an iPhone’s contacts.
Relatively little is at stake with this exploit. Beyond the inherent danger of an assailant having your iPhone, this method only allows someone to view the contacts within the target iPhone, provided that they have physical access to the target phone and can complete the VoiceOver exploit.
Little is at stake, but there have been so my iOS exploits in the news lately that we might as well go straight to iOS 13.1.
Another Apple hack shown off over the weekend at Def Con 2019 involves iOS Contacts and a SQLite vulnerability. But it’s not something we need to worry about. Emphasis mine:
Documented In a 4,000-word report seen by AppleInsider, the company’s hack involved replacing one part of Apple’s Contacts app and it also relied on a known bug that has hasn’t been fixed four years after it was discovered…
They replaced a specific component of the Contacts app and found that while apps and any executable code has to have gone through Apple’s startup checks, an SQLite database is not executable.
Basically, it sounds like the bug is only available if you specifically remove a key component of Contacts.
Cardhop 1.1 came out today, bringing with it a lot of improvements: Template settings to customize fields and labels for new contacts; smart group templates: Create smart groups that automatically update based on common contact searches; multiple business cards: create separate business cards for different situations; business card settings automatically sync between devices using iCloud; stickers! Express yourself in iMessage with Cardhop’s sticker pack; Gravatar support to automatically find contact photos by email when adding or editing contacts; support for sending messages to groups with the parser; added YouTube social profile label, and more. App Store: US$3.99
iOS 13 locks down private notes in Contacts, preventing apps from accessing this content like they could in the past.
Vignette app allows you to change all those ugly grey circles with initials into actual photographs. By searching Twitter, Facebook, Instagram, and Gravatar—no login required—Vignette will attempt to pair your contacts with their profile pictures on social media. After amassing all these images, using Vignette’s easy to use interface, you can select which avatar you’d like to use, or none at all. Once you’re all set, Vignette will write those updates to your contacts database on your phone. That means in Messages, Phone, and all of your other apps, you see beautiful images instead of ugly initials. Vignette is free to try, but in order to save the updates to your contact list, you will need to buy the one-time in-app purchase. Vignette app runs entirely on your phone; your contacts stay on your device and are never transmitted *anywhere*. Privacy is a critical factor to Vignette; your trust is important and will not be squandered. App Store: Free (Offers In-App Purchases)
Sometimes an iOS app wants access to your Contacts — for good but sometimes also bad reasons. Here’s how control which apps can read your iOS Contacts. And revoke permission if necessary.
Cardhop is a popular contacts app for the Mac. It’s made by Felxibits Inc. makers of another popular app Fantastical 2. Cardhop has finally arrived on iOS. The app’s parsing engine is incredibly intuitive, letting you search, add, edit, and interact with your contacts using a simple sentence. Just type in “John G” and John’s card will instantly appear. Or enter “Sarah Smith [email protected]” and Cardhop will add a new contact to Sarah’s card. Or type in “call Michael S” and Cardhop will instantly start a phone call. Cardhop automatically loads your contacts in Apple’s Contacts app, so you don’t need to do much except tap the Allow button. Plus, the company says that your contact information stays on your iPhone and isn’t uploaded to their servers. Right now the app is available for 20% for a limited time as part of the launch sale. App Store: US$3.99
Cardhop from Flexibits is already a pretty handy tool for viewing and managing contacts on your Mac, and its latest update adds Instagram to the list of social networks you can include in contact entries.
This will stop new apps you install from accessing iOS contacts, and lock the current app settings.
If syncing is now removed, then I wonder if Apple will end up removing Facebook from Internet Accounts.
Today’s Quick Tip is all about those grey suggestions in Calendar and Contacts that may be coming from other apps around your Mac. If you’ve made a flight reservation and see that event show up automatically on your calendar, that may be handy! But if you’d rather someone’s business phone number not get added to her contact card, for example, you may find the feature less helpful. We’ll tell you how to stop this from happening in either program!
Mac Geek Gab listener Chris has a solution to fix iCloud contacts, and it’s called the nuclear option.
I’ve had this happen several times when I zoom in on a person’s face in a photo, and later it displays a different area of the image.
Flexibits is hoping to do for contacts what it did for calendars on the Mac with its new Cardhop app.
iOS 11 Developer Beta 4, and now Public Beta 3, changed the Contacts icon from a notebook with the silhouette of a man to a man and a woman. That’s a subtle detail, but one that people are noticing. The tech world has a strong cis male bias—so much so that women, transgender, and anyone that doesn’t embrace the good-old-boys-club attitude are often ridiculed and harassed—that needs some serious shaking up, so sometimes those little things can be a big deal.
If emails that you send to someone seem to be going to the wrong person (at least, according to Apple Mail), we’re here to help you troubleshoot that. The problem could be in your Contacts program. The problem could be in Mail. Let’s sort it all out!
Melissa Holt has a few pointers on how to trim down who is in your Contacts list without committing to losing those entries forever.
If your contacts list contains duplicated data because you’re using more than one account to sync (like, say, both a Google one and your iCloud one), Melissa Holt has a fix to link them together.