This bug is found by Ade Barkah, a consultant. He says that this security bug occurs because Apple sets the iPhone images security based only on their date. Thus they won't be visible to the date after than the set date.
But if you can set the date back in time, you will be able to view them, albeit your friend's device is in locked stage. So this is another homework for Apple.
The point to all this is that Apple should not rely on a simple timestamp to restrict image access. Changing the iPhone's clock—forwards or backwards—should notaffect its security. We can't guarantee the clock will always monotonically more forward, and when it doesn't, the system should fail-secure.