CVE-2017-7139

Vulnerability

A timing bug in the Phone component of iOS before 11 allows an attacker to obtain a secure-content screenshot that was captured during a locking action. The issue is present in iOS 10 and earlier versions, and is fixed in iOS 11 [1]. The bug triggers when the device locks while a secure screenshot is being taken, potentially leaking the contents of the screenshot.

Exploitation

An attacker must have physical access or be able to observe the device screen during the brief window after the display locks but before the screenshot is fully discarded. The attack leverages the timing discrepancy to capture the screenshot data before it is cleared. No user interaction is required beyond the normal locking action.

Impact

Successful exploitation allows an attacker to view sensitive information that was on the screen at the time of the lock, such as emails, messages, or other private content. This is a disclosure of confidential information that the user intended to protect with the device lock.

Mitigation

Apple fixed this issue in iOS 11, released on September 19, 2017 [1]. Users should update to iOS 11 or later. There is no workaround for affected versions; upgrading is the only mitigation.