Apple aknowledged that there’s a Siri vulnerability that allowed access to user’s contacts and photos directly from a locked iPhone running iOS 9.3.1. The security flaw used Siri’s ability to access Twitter to find an email link or phone number, which could be pressed to open up an editable list of phonebook contacts even on a device that was locked. The vulnerability through access to contacts, also shows up user’s full photo library on lock screen without the need for a passcode or Touch ID verification. Good news comes so early that Apple has rolled out a fix out to correct this already, and you don’t even need to update anything in order for it to take effect.
To remind you about, the Siri vulnerability, that relied on asking voice assistant to perform a Twitter search. If an email address, phone number, other contact related detail came up, it would give direct access to Photos Library and Contact data. However, it is now disabled on all devices because it is no longer possible for Siri to conduct a Twitter search on a locked iPhone.
For those still catching up, the actual issued allowed anyone with access to an iPhone 6s or iPhone 6s Plus to gain access to the aforementioned tweaks saved within that device. This was finally accomplished asking Siri to initiate, with the user then using 3D Touch on a number or email address to bring up the ‘Add a new Contact’ dialogue. At that point, the device’s entire contacts list was visible, with photographs also accessible by choosing to add a photo to the newly created contact. But it has now been fixed server-side.
With the original security flaw coming not long after iOS 9.3.1 was released in order to correct another issue that saw devices crash on interaction with universal links, Apple will no doubt be plaesed internally that no new software release was required to fix this. Apple having rolled out a server-side fix, now prompts for some form of authentication, be that a passcode or fingerprint, whenever this process is followed. The best part of all this is that no new version of iOS is required anymore, which in return all iOS devices are automatically safer now than they were a matter of hours ago.
Well! This is gonna be radically good news! Two emergency releases of iOS within a week wouldn’t have looked good at all. iOS 9.3 has already seen a couple bug-fix updates since its rollout, with the latest being the currently available to download iOS 9.3.1 and the first, a build update that fixed the initial activation error experienced by users with older-generation devices.
Additionally, to prevent Siri from accessing your photos, head over to Settings > Privacy > Photos and uncheck Siri.
You may also like to check out: