A new vulnerability discovered in Apple’s latest iOS, 12.0.1, released last week, allows an attacker with physical access to an iPhone entry into photos on a locked phone, according to Jose Rodriguez, a Spanish security researcher.

While the bypass bug, reported by The Hacker News, does require that an attacker have physical access to an iPhone, an attacker could still access the photo albums and send selected pictures using Apple Messages even if the phone is locked.

Rodriguez reported the bug and provided a proof-of-concept video via YouTube in which he demonstrated various steps of the attack, which starts with an incoming call to the targeted iPhone.