iOS bug exposes years-old pictures from users | MALDORK Memo

First, let’s start off by defining a few terms that will be used throughout this memo. A
bug is an unexpected flaw in the hardware or software of a system that could be
brought on by a coding error. An OS, or operating system, is essential software that is
used to manage memory, apps, and hardware on a device, among many other things.
A factory reset, also known as a system wipe, is the restoration of a device or system
back to the way it was when it came from the factory. The cloud is virtualized servers
that can be accessed over the internet and used in many different ways, such as backing
up data, storing data, running software, etc. PII, or personally identifiable information, is
information that can be used to help identify who you are, such as your full name, phone
number, email address, home address, and social security number.

What’s happening?

This week’s memo is going to be a little bit different from the previous ones, as we will be
talking about bugs in operating system updates. Last week, it was brought to a lot of
people’s attention that after updating Apple iOS and iPadOS to the most current
version, 17.5, photos that were deleted recently and even old photos deleted years ago
were starting to reappear. This story really gained traction after a group of concerned
individuals began posting in a Reddit forum wondering what was going on and if it was
happening to anyone else. According to Apple, after the users updated their systems,
a database corruption allowed removed photos to reappear in the photo library.
They did not reply further to people’s questions about what caused the bug and have
since put out a new iOS and iPadOS update, 17.5.1, that claims to have fixed the issue.

Why should it matter to you?

This is a huge privacy concern, considering that what is supposed to happen is that you
delete a photo, it goes into the recently deleted folder, and after a 30-day grace period
of no recovery, the photos that you deleted are permanently removed. Unfortunately, it
seems that is not the case. One user stated that along with old pictures that
reappeared, so did some nude ones. Apparently, when they say, “Once it’s on the
internet, it can truly never be deleted,” they were also talking about personal photos
saved on your devices and in paid services that you trust, like the cloud. One of the
biggest problems, however, is with what I am about to ask next. What happens if you
gave away or sold your old device after “deleting” everything personal off of it or even
factory resetting it? Well, therein lies the issue once again. At least one person has
reported that after the iOS and iPadOS 17.5 update, the new owner/current user they
gave their device to was able to regain access to their old photos that were previously
wiped from the device. Yes, this means the worst-case scenario for some people once
again, as their very private/explicit photos were even being resurfaced on machines that
they no longer had access to. Seeing how in today’s day and age we are required to
upload pictures of ID cards and take screenshots of documentation and passwords, which
is not recommended, this presents an issue with PII as well.

Call to action

The best thing to do in this situation is to abstain from taking explicit photos of yourself,
your partner, or people in general for that matter, to avoid falling victim to the age-old
adage of things never truly being deleted. Moreover, avoid taking photos of things that
contain PII unless absolutely necessary. Also, do not take photos of passwords but
instead try to either memorize them or physically write them down and store them
somewhere where they cannot be accessed by anyone other than yourself. Try to
remember, if you do not want anyone to see it, you probably should not take a picture of
it. However, in this case it was not the user’s error, as Apple’s programmers are the ones
that made the coding mistake. I believe that, since you are always able to recover deleted
photos if you have a backup saved, there is an Apple server that contains that backup
data just in case you would like to do a system restore to a previous version, and that is
where the error took place. This does mean that if an attacker were to gain access to the
database via a privilege escalation attack, for example, they would also have the ability
to recover your once forgotten and thought to be deleted data. Sadly, there is no sure-fire
way to avoid bugs, but there are methods companies like Apple can use for mitigation.
The first method is to make sure that users’ personal data is encrypted. The second
method is to not push out software updates until they are sandboxed and tested
extensively. The third and final method is ensuring that they have good access control
management for systems and servers to prevent malicious actors from gaining that
escalated privilege to begin with.

By Geo