Microsoft has published details of CVE-2019-1314, a security vulnerability in Windows 10 Mobile that allows users to access your photo library from Cortana without unlocking the device. Naturally, you're only at risk if you have Cortana enabled on the lock screen, so the workaround is to turn that feature off.
What's more interesting is that Microsoft isn't going to fix it, as it clearly pointed out in the bulletin. While support for most versions of Windows 10 Mobile - including 1511, 1607, and 1703 - has ended, support for version 1709 doesn't end until December 10; indeed, it still receives new cumulative updates on every Patch Tuesday.
The updates it receives aren't exactly meaningful or even specific to Windows 10 Mobile. The various changelogs only ever say that the update includes the same fixes as the update for Windows 10 version 1703 or 1709. It's not surprising that Microsoft is putting minimal effort into Windows 10 Mobile though, given that most users have moved on to iOS or Android by now.
The severity of the security feature bypass is listed as 'important', but the good news is that the person trying to access your photos needs to have physical access to the device. Of course, you can always just turn off Cortana on the lock screen.
16 Comments - Add comment