Last month, we heard of multiple iOS 12 lock screen bypass methods discovered by Jose Rodriguez.

Using these techniques, an attacker could easily bypass the iPhone passcode and access the photos, contacts, and other data stored in the device. After the bypass methods surfaced online, Apple began working to fix the glitches along with other vulnerabilities and rolled out iOS 12.1. While the users should expect a seamless user experience with the updated version, Jose Rodriguez pointed out another problem. As demonstrated, the Group FaceTime feature, upon exploit, can lead to iOS 12.1 lock screen bypass, allowing the attacker to access device contacts
.
iOS 12.1 Lock Screen Bypass Via Group FaceTime Exploit.
Reportedly, Jose Rodriguez found a method that triggers iOS 12.1 lock screen bypass by exploiting the group Facetime feature. The trick does not necessarily require using Siri, unlike the previous passcode bypass methods for iOS 12.
According to Rodriguez, invoking the newly introduced Group FaceTime feature in the iOS 12.1 could allow an attacker to access user contacts. To exploit this bug, the attacker must have physical access to the device.
All it takes for an attacker is to call the target iPhone from any other iPhone, and invoking Group FaceTime after the call connects. Group FaceTime allows video chats with as many as 32 contacts. It means the feature involves access to the contacts stored on the device. That’s where the glitch resides. An attacker can simply tap “Add Person” from the menu, and then click on the “+” icon in the next screen. This is it! The entire contacts list now becomes exposed to the attacker. From here, the attacker can easily access further details for each contact by simply tapping individual contacts.

https://molesbite..com/2018/11/group-facetime-feature-on-ios-121-can.html?m=1