https://wccftech.com/ios-12-1-group-facetime-exploited-bypass-passcode/

Apple started rolling out iOS 12.1 to iPhones and iPads earlier this week. While the latest update fixed a number of security issues, including privilege escalation flaws, it appears it has also brought in some new problems for users. Jose Rodriguez, a Spanish security researcher known for finding ways to bypass lock screen passcodes, has discovered a bug that exploits Group FaceTime calls to give anyone access to an iPhone’s contact information without requiring a passcode.

Like most of the passcode bypass hacks we have seen in the past, this one also requires physical access to the target device. An attacker who has this access can make a call to the target iPhone from another iPhone. If the number isn’t known, Siri is always there to help you out (another reason why you should keep it disabled). Once the call connects, an attacker can access the contact information by: