
iOS 17.5 bug undeleted sensitive photos—allegedly on devices you no longer own (Updated)


Apple released iOS 17.5 and iPadOS 17.5 last week, which included fixes for several security vulnerabilities. But these updates also seemed to introduce a serious bug. Some users found that photos that they deleted years ago—some of a sensitive nature—suddenly showed up in the Recents album again, as though they were new.

And some people who purchased used or refurbished iPhones or iPads reported seeing previous owners’ deleted photos on their device.

Let’s break down what we know, what Apple has said about it, and how to resolve the problem. (Updated to add Apple’s statement from May 23)


Why does it matter if old photos resurface?

People may have sensitive photos in their Photos library. In some cases, they may be of the “not safe for work” variety. Many people also take photos or screenshots of sensitive documents. These may include passwords, FileVault or user account recovery codes, two-factor authentication QR codes, completed medical forms, social security cards, credit cards, etc.

People take pictures of many things, and they expect that Apple will keep their photos private. Apple says in its advertising campaigns: “Privacy. That’s iPhone.”

And if your own photos of any sensitive nature—whether nudity, passwords, medical info, or otherwise—show up on a device that no longer belongs to you, then some of the most sensitive parts of your life may be exposed. That’s the allegation from a couple of user reports, anyway; there hasn’t been any hard evidence to support such a claim.

As implied by those couple of unverified reports, even users who hadn’t updated to iOS 17.5 or iPadOS 17.5 could still have had their “deleted” photos appear on a device they sold some time ago, which now belongs to someone who did install the 17.5 update. Update: Apple claims that such user reports were “false.”

Early reports of deleted photos resurfacing on users’ own devices

MacRumors referenced a Reddit thread that has some rather disturbing reports from users. The first post reads:

Erm, so yeah. Very creepy. Thoroughly freaked out.

Just completed the update. When in conversation with my partner, I went to send a picture and saw that the latest pictures were nsfw material we’d made years ago when we were living apart (covid etc). But WTF. It was permanently deleted. Years ago but magically it’s back?? I checked my iPad and it also has pictures (some art work I did years ago). I feel so uncomfortable. Anyone else got this issue? I mean with pictures coming back post update?

Over 200 comments later, many users confirmed that something similar happened to them as well. That said, the original poster has deleted their post without explanation, though the long comment thread remains.

Beta testers had similar findings, and posted about them a week before iOS 17.5 and iPadOS 17.5 were released to the public:

A photo I took two years ago has suddenly reappeared at the top of my photos app. I regularly delete photos from my photo library to export them to my PC, which makes this even stranger. It should’ve disappeared from my iPhone completely since that data should eventually become corrupt as new data is written. My only explanation is that somehow this photo has remained in iCloud. Has this happened to anyone else before?

It’s problematic that beta testers flagged the problem ahead of a widespread release, but Apple went ahead and released the updates anyway.

Reports of deleted images reappearing on second-hand iPhones and iPads

Many users securely erase and then sell, give away, or donate their old Apple devices. Users expect that if they go through Apple’s secure erase procedures, their devices will be thoroughly wiped of all old data, never to be recovered. (And we have every reason to believe that such is indeed the case, in spite of reports to the contrary.)

But in a couple of unverified reports, users with used or even refurbished devices found that they were seeing photos showing up under Recents that, they claim, never belonged to them.

From one report from Reddit, highlighted by MacRumors:

I wiped the iPad using official Apple guides before selling. I never logged into that iPad with my Apple ID after erasing the iPad. I sold my iPad to a friend in September 2023, they called me today after updating to iPad OS 17.5 and said my old pictures appeared in their Photos app… HUGE PRIVACY VIOLATION. I see other reports of this. How many people will get other people’s photos on the devices they bought from other people?

Allegedly, Apple was resurfacing images that had belonged to the original device owner, even though the iPad had supposedly been securely wiped and was using a different Apple ID.

Another MacRumors forum user later commented:

I had an old random photo from 2004 show up in my library with EXIF data that was from a camera I never had in my life. My iPad Pro is an AppleCare replacement from last year.

So, allegedly, the issue also happened with refurbished units that Apple itself distributed or sold to its customers. However, it’s entirely plausible that either of these users may have simply been mistaken, or might have made up their stories for attention.

Voicemails also reportedly reappeared for some users

The issue may not be merely isolated to photos (and perhaps videos) from the Photos app. There has also been an unverified report of deleted or already-listened-to voicemails reappearing as new. A developer named Stacey Smith commented on X:

After upgrading to iOS 17.5 on my Xr, voicemails that I had already listened to or deleted reappeared. Before the update, I had only one unheard voicemail, but now I have 26.

What does Apple’s documentation say about data retention?

It did not take long for this to spark a discussion about privacy. Let’s look at what Apple says about data retention, specifically as it pertains to iCloud Photos and iCloud in general.

From Apple’s support page titled “Delete and recover photos and videos on iCloud.com”:

When you delete a photo or video from Photos on iCloud.com, it’s also deleted from all your devices that have iCloud Photos turned on. If you change your mind, you have 30 days to recover it before it’s permanently deleted.

From Apple’s legal page titled “Apple ID & Privacy”:

iCloud Backup
To completely remove your backup data from iCloud, you can delete your individual backups before turning off iCloud Backup. Otherwise, the backup data will be retained for up to 180 days.

Retention
Where we delete an account, we make our best efforts to delete all personal data associated with your account. If we delete your personal data, we will both render certain personal data about you permanently unrecoverable and also de-identify certain personal data.

There are no specific mentions of Photos in the retention section, and what is there only applies to deleted Apple IDs. Apart from that, iCloud Backup retains data for up to 180 days. Photos that you delete and later wish to recover can be recovered on iCloud.com for up to 30 days. Nothing here explains how photos from years ago could (allegedly) suddenly re-appear, let alone on devices that no longer belong to you, if those devices are not signed into your Apple ID. Therefore, the existence of a couple of unverified user reports that seemingly challenge this documentation should be viewed with skepticism.

How did this happen? (Updated)

If that handful of reports were to be believed, it might seem as though there were a problem with some serious privacy concerns. At the time, we could only speculate as to the cause of this issue—if it even were legitimately an issue. We do not know how Apple treats data on its servers, apart from what the company tells us in its public statements. Likewise, we cannot know precisely how data stored in iCloud is tied to a user or device. We can assume that data is tied to an Apple ID, but for old photos to allegedly show up on a wiped and sold iPad, if true, could hypothetically mean a device’s serial number might factor in somehow. Some have suggested that Apple’s erase-and-reset process might be flawed—though that’s extremely unlikely, and there’s scant evidence to support that theory. (Update: Apple has now claimed that users’ reports insinuating that photos may have been left behind after a secure erase were “false;” read on for more details.)

Apple issued a software update on Monday for iOS and iPadOS, stating that there was “a rare issue where photos that experienced database corruption could reappear in the Photos library even if they were deleted.”

How exactly does a photo itself “experience database corruption”? Given that the problem occurred on wiped devices signed into a different Apple ID, Apple’s statement might mean that an iCloud Photos database on an Apple server became corrupted. Perhaps an old, corrupted Apple database came back online recently, or was put into production (possibly mistakenly), and that caused deleted photos to return to the devices that formerly had those files on them.

But even that theory doesn’t fully explain what happened. That would seem to imply that iCloud Photos might have had some kind of unique identifier tag on photos that associates them with a particular device to which they should be restored, and that there wasn’t a validation check in place to verify that the same Apple ID was still associated with that device before restoring the photo. It would also seem to imply that, if there was a validation check, it may have occurred on the device side before 17.5, rather than the server side, since users of 17.4.1 and earlier weren’t experiencing the same issue.

It’s unlikely that the “Erase All Content and Settings” feature has been flawed for years, leaving unencrypted images behind on the device instead of truly erasing everything; there’s insufficient evidence to suggest that’s the case.

We’ve reached out to Apple for clarification, but Apple has not responded. Update: Apple responded to 9to5Mac; see below.

So far, reports have not indicated whether or not macOS Sonoma 14.5 or watchOS 10.5 may have been impacted by this flaw.

Apple finally clarifies what happened

Update: On Thursday, May 23, Apple responded to 9to5Mac’s inquiry about the bug. Some relevant excerpts:

Apple confirmed to me that iCloud Photos is not to be blamed for this. Instead, it all boils to the corrupt database entry that existed on the device’s file system itself.

According to Apple, the photos that did not fully delete from a user’s device were not synced to iCloud Photos. Those files were only on the device itself. However, the files could have persisted from one device to another when restoring from a backup, performing a device-to-device transfer, or when restoring from an iCloud Backup but not using iCloud Photos.

In other words, Apple claims that there was not a database corruption issue on iCloud servers. Rather, the database corruption happened in the Photos Library on individual devices.

Since users typically transfer their data when upgrading to a new device, that corrupted database (and any orphaned photos) got copied over.

Apple alleges that reports of someone else’s photos appearing were “false”

Apple also claims that images will never resurface on a device that had been properly wiped following its Erase All Content and Settings procedure. According to Apple, any claims suggesting that photos might have remained behind after a secure erasure are “false.”

If that’s true, then perhaps the original report from the person who sold their iPhone to a friend, and the later report about the AppleCare replacement iPad having a mysterious photo from 2004—if true at all—could have been caused by something else. Our working theory, as discussed on this week’s Intego Mac Podcast episode 345, is that these two users may have at some point received the photos from someone via AirDrop, or may have downloaded them from a text message or another source, and had simply forgotten about them after deleting them years ago.

Further erosion of trust in Apple

For some people who may not be aware of Apple’s eventual clarifications—or may not believe them—this event may reaffirm tropes that might have a ring of truth: “the cloud” is just someone else’s computer, and tech companies cannot be fully trusted. In recent years, consumers have begun to trust Amazon and even Google more than Apple when it comes to handling personal user data. In an early 2024 poll of U.S. consumers, Amazon was the number-one most trusted tech company, and Google slightly outscored Apple.

The unwanted resurrection of ostensibly deleted images, regardless of the cause, could further erode the trust that some users have in Apple. Even if “a small number of users and a small number of photos” were affected (as Apple claims), those users’ assumptions that sensitive photos and personal information might have been exposed against their will are unsettling.

The partial fix: Upgrade to iOS 17.5.1, iPadOS 17.5.1, tvOS 17.5.1

On Monday, May 20, Apple released iOS 17.5.1 and iPadOS 17.5.1, with a single-issue fix for the problem:

This update provides important bug fixes and addresses a rare issue where photos that experienced database corruption could reappear in the Photos library even if they were deleted.

We encourage users to upgrade to iOS 17.5.1 and iPadOS 17.5.1, since they contain all of the security fixes that were present in 17.5.

On Tuesday, May 21, Apple also released tvOS 17.5.1 to address the same bug.

If you’ve previously sold, given away, or donated an iPhone or iPad that’s compatible with iOS or iPadOS 17.5, or an Apple TV that’s compatible with tvOS 17.5, you may have been worried that your deleted photos might have resurfaced on that device for its current user—but Apple says this would never happen. Nevertheless, if you’ve ever had photos of any sensitive nature in your iCloud library, this turn of events may have understandably caused you some concern. It’s comforting to know that the issue was not as bad as some user reports—and some inflammatory reporting—made it sound at first.

How can I learn more?

We discussed the May 20 and 21 patches, and our theories on what might have really happened (before Apple had released its statement to 9to5Mac), on episode 345 of the Intego Mac Podcast. Give it a listen, or read the show notes and transcript to learn more.

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news.

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research.