Apple Fixes Siri Bug Allowing Access to Photos and Contacts on Locked Device

A Siri vulnerability that allowed access to a user's photos and contacts on a locked iPhone running iOS 9.3.1 was patched server-side this afternoon by Apple.

Shared last night by Jose Rodriguez, the vulnerability used Siri's ability to access Twitter to find an email link or phone number, which could be pressed to open up an editable list of contacts even on a device that was locked. Through access to contacts, a user's full photo library was also visible.

As seen in the video below, the vulnerability relied on asking Siri to perform a Twitter search. If an email address, phone number, or other contact-related detail came up, it would give direct access to Photos and Contact data. While the method worked on the iPhone 6s as of this morning, it is now disabled on all devices because it is no longer possible for Siri to conduct a Twitter search on a locked device.


When using a locked iPhone, asking Siri to "Search Twitter" now results in the personal assistant saying "You'll need to unlock your iPhone first." Without the ability to search Twitter on a locked device, there is no way to get the exploit to work. Apple confirmed the fix in a short statement given to The Washington Post.

According to 9to5Mac, a second Siri-related bug was also fixed today. Previously it was possible to enable both Night Shift and Low Power Mode by asking Siri to enable Night Shift after Low Power Mode was turned on, but that is no longer possible. Siri now warns that turning on Night Shift requires turning off Low Power Mode.

In early iOS 9.3 betas, Night Shift did work with Low Power Mode, but in iOS 9.3 beta 4, Apple removed the functionality. Night Shift and Low Power Mode cannot be run simultaneously.

Tag: iOS 9.3

Top Rated Comments

djcerla
64 months ago
Hate Apple or not, but you have to give them props for these security updates. Personally, the fact that I only see this bypass on YouTube a few hours ago and have just seen an article about Apple sending out an update to fix it just amazes me. I remember when I had an LG and I had to beg and pray that I would even get an update, lol.
Actually it was a server side fix, not a software update.
Siri is as attractive to me as FaceBook or Microsoft.

I would love an iPhone that didn't support it.
Options>General>Siri>disable

There you have it.
Score: 33 Votes
elmateo487
64 months ago
Siri is as attractive to me as FaceBook or Microsoft.

I would love an iPhone that didn't support it.
Wow. Just. Wow. The all high and mighty more attractive than Facebook and Microsoft person can't figure out how to turn off siri
Score: 28 Votes
Hastings101
64 months ago
Just today, I was typing away, when suddenly a bloody popup window asked me if I wanted to turn on dictation. Just bugger off, Apple. I don't want your foul news, I don't want your cynical music subscription, I don't want your spam forced down my throat.

I wish Donald Trump was CEO of Apple. He'd be a darn sight better than Cook.
Yeah, he could build a wall around Siri and then we'd never have to hear from her again!
Score: 15 Votes
spherox
64 months ago
Hate Apple or not, but you have to give them props for these security updates. Personally, the fact that I only see this bypass on YouTube a few hours ago and have just seen an article about Apple sending out an update to fix it just amazes me. I remember when I had an LG and I had to beg and pray that I would even get an update, lol.
Score: 14 Votes
Norbs12
64 months ago
Siri is as attractive to me as FaceBook or Microsoft.

I would love an iPhone that didn't support it.
If ONLY there was a way to uhh disable it... :rolleyes:
Score: 14 Votes
CrystalPepsi
64 months ago
Siri is as attractive to me as FaceBook or Microsoft.

I would love an iPhone that didn't support it.
Wow. Delete your account.
Score: 13 Votes
