Apple wasn’t storing deleted iOS photos in iCloud after all
Security researchers reverse-engineered Apple's recent iOS 17.5.1 update and found that the recent problem of images deleted months or even years ago being restored was caused by an iOS bug and not an issue with iCloud.
Despite widespread reports from users and tech outlets confirming the alarming issue, Apple remained silent about the root cause, failing to address people's valid concerns.
Today's report can now ease people's concern that Apple was indefinitely storing media users deleted a long time ago, which would have been a massive breach of privacy.
Apple fixed the bug in iOS 17.5.1, which was released on Monday.
Reappearing images
Since the release of the public beta of iOS 17.5, iPhone users reported the unexpected re-appearance of deleted images on their devices. This bug made it into the final release, reaching a much broader user base and resulting in numerous reports of this problem on Reddit.
"I have four pics from 2010 that keep reappearing as the latest pics uploaded to iCloud. I have deleted them repeatedly," a user said in the Reddit thread.
"Same happened here photo from September 2022 just appeared out of nowhere in recents section in photos app, weird," reported another user.
Since the restored photos were far older than the 30 days that iOS's "Recently Deleted" system is set to keep files for, it quickly became clear that something else was happening.
To make matters worse, Apple's silence left room for speculation, ranging from Apple not being transparent about its data policies to images not being properly deleted from memory.
Researchers give the answer
Analysts at Synacktiv reverse-engineered the iOS 17.5.1 update that addressed the problem, examining the IPSW files and comparing the DYLD shared caches of the two versions to find changes.
Through this process, Synacktiv identified significant changes in 'PhotoLibraryServices,' specifically in the 'PLModelMigrationActionRegistration_17000' function.
Apple removed a routine from that function that scanned the filesystem and re-imported photos. That routine is what caused old files on the local filesystem to be reindexed and added back to people's galleries.
"Based on this code, we can say that the photos that reappeared were still lying around on the filesystems and that they were just found by the migration routine added in iOS 17.5," explained Synacktiv.
"The reason why those files were there in the first place is unknown."
Although this finding reassures users that Apple isn't storing their deleted files on the cloud and "accidentally restoring" them one day, it also acts as a reminder that deleted files can persist in memory until the blocks are overwritten with new data.
BleepingComputer contacted Apple multiple times regarding the photo-restoration bug and again to validate Synacktiv's findings but has yet to receive a response.
source: BleepingComputer