A bug in iOS 9.3.1 enabled access to certain iPhone content without a passcode or fingerprint scan.
Apple has fixed a bug in iOS 9.3.1 that enabled access to certain iPhone content without a passcode or fingerprint scan.
Uncovered early this week, the security hole required a very particular set of circumstances to work, so most iOS users were probably not at risk. Nonetheless, Apple confirmed to PCMag that the bug was fixed and that the fix rolled out to consumers on Tuesday.
To activate it, users had to own a Force Touch-compatible iPhone 6s or 6s Plus and give Siri access to their Twitter account. Perhaps most importantly: a hacker would need to find a tweet containing someone’s email address (or something formatted like one).
If the planets aligned, then it was easy for anyone to launch the 3D Touch Quick Actions menu, tap “Add to Existing Contact,” and gain entry to the user’s contacts list and photos (via profile pictures).
The loophole, according to AppleInsider, was also applicable to Siri results for WhatsApp friends list searches.
If you’re still concerned about potential intruders, try disabling Siri’s Twitter integration and her access to the iPhone’s photo library (visit Settings > Twitter or Privacy > Photos).
The truly paranoid, meanwhile, can entirely incapacitate the virtual assistant.
The tech titan has, in the past, worked to fix similar iDevice lock screen bypasses.
Flaws in iOS 6, iOS 7, and iOS 9 also allowed hackers to circumvent a user’s lock screen.
In September, meanwhile, certain Android phones running unpatched versions of the OS were susceptible to an exploit that easily opened access to a handful of Nexus handsets.