New York (CNN Business) A flaw in iOS 13, the new iPhone operating system Apple released Thursday, exposes contact details stored in iPhones without requiring a passcode or biometric identification. And Apple (AAPL) has known about the flaw since July, a person who reported the bug to Apple told CNN Business.

A hacker would need physical access to a target's phone to complete the hack — but once it is in their possession they could bypass Apple's standard security features like facial I.D. Once they have done so, they can access the phone's address book and see information for contacts stored on the phone, as well as indications of the most recent contacts with whom the phone's owner had been communicating.

Jose Rodriguez, a cybersecurity enthusiast, living in the Canary Islands, contacted Apple on July 3rd suggesting that he had found a "passcode bypass" and asked if his findings would be eligible for an Apple Security Bounty — a program that rewards security researchers who bring bugs to Apple's attention.

Apple promptly followed-up on Rodriguez's tip and company staff had several calls with the researcher during which he walked them through the vulnerability on a beta version of the software, Rodriguez said.

Rodriguez provided copies of the emails and phone records of his correspondences with Apple to CNN Business.

Read More