Click to Skip Ad
Closing in...

Apple issues fix for iOS 9.3.1 lock screen hack

iPhone Security Exploit

Apple has confirmed, via The Washington Post, that it has in fact issued a server-side fix for an iPhone 6s bug that enabled access to a device’s photos and contacts without the need to verify one’s identity either via a passcode or Touch ID.

DON’T MISS: Tesla Model 3 is missing an important feature that no one is talking about


What made the bug particularly worrisome is that it was relatively easy to exploit. As we detailed yesterday, the security loophole could be accessed by calling up Siri from a locked homescreen and commanding it to search for an email address or phone number on Twitter. When a search result popped up, a user could simply use 3D Touch to bring up a contextual menu and thereby access a device’s list of contacts. From there, a user’s entire photo library could be seen.

The bug in action can be seen below.


Notably, Apple’s software patch doesn’t require any action on a user’s part. Now, when attempting to conduct a Twitter search via Siri from the lock screen, iOS displays an alert indicating that the phone must be unlocked before the Siri search can continue.

Yoni Heisler has been writing about Apple and the tech industry at large for over 15 years. A life long Mac user and Apple expert, his writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and TUAW. When not analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions.