CVE-2017-13844

Vulnerability

The vulnerability resides in the "Messages" component of iOS versions prior to 11.1. When the device is locked, a physically proximate attacker can leverage the lock-screen's "Reply With Message" action to view arbitrary photos stored on the device. The issue was addressed in iOS 11.1, which was released on October 31, 2017 [1].

Exploitation

An attacker must have physical proximity to an unlocked device that is in the lock-screen state (i.e., the device is locked but notifications or quick actions are accessible). The specific sequence of steps involves using the device's lock-screen Reply With Message feature, which bypasses the normal authentication check for photo viewing.

Impact

A successful exploit allows a physically proximate attacker to view arbitrary photos that are stored on the device, bypassing the lock-screen protection. This leads to an unauthorized disclosure of visual information (confidentiality breach) without requiring the device passcode.

Mitigation

Users should update to iOS 11.1 or later, which was released on October 31, 2017 and addresses this issue [1]. No workaround is described for unpatched versions; maintaining physical control of the device is the only alternative until the patch is applied.