Apple Fixes Siri Bug Allowing Access to Photos and Contacts on Locked Device
A Siri vulnerability that allowed access to a user's photos and contacts on a locked iPhone running iOS 9.3.1 was patched server-side this afternoon by Apple.
Shared last night by Jose Rodriguez, the vulnerability used Siri's ability to access Twitter to find an email link or phone number, which could be pressed to open up an editable list of contacts even on a device that was locked. Through access to contacts, a user's full photo library was also visible.
As seen in the video below, the vulnerability relied on asking Siri to perform a Twitter search. If an email address, phone number, or other contact related detail came up, it would give direct access to Photos and Contact data. While the method worked on the iPhone 6s as of this morning, it is now disabled on all devices because it is no longer possible for Siri to conduct a Twitter search on a locked device.
When using a locked iPhone, asking Siri to "Search Twitter" now results in the personal assistant saying "You'll need to unlock your iPhone first." Without the ability to search Twitter on a locked device, there is no way to get the exploit to work. Apple confirmed the fix in a short statement given to
The Washington Post.
According to 9to5Mac, a second Siri-related bug was also fixed today. Previously it was possible to enable both Night Shift and Low Power Mode by asking Siri to enable Night Shift after Low Power Mode was turned on, but that is no longer possible. Siri now warns that turning on Night Shift requires turning off Low Power Mode.
In early iOS 9.3 betas, Night Shift did work with Low Power Mode, but in iOS 9.3 beta 4, Apple removed the functionality. Night Shift and Low Power Mode cannot be run simultaneously.
Popular Stories
Following nearly two years of rumors about a fourth-generation iPhone SE, The Information today reported that Apple suppliers are finally planning to begin ramping up mass production of the device in October of this year. If accurate, that timeframe would mean that the next iPhone SE would not be announced alongside the iPhone 16 series in September, as expected. Instead, the report...
Key details about the overall specifications of the iPhone 17 lineup have been shared by the leaker known as "Ice Universe," clarifying several important aspects of next year's devices. Reports in recent months have converged in agreement that Apple will discontinue the "Plus" iPhone model in 2025 while introducing an all-new iPhone 17 "Slim" model as an even more high-end option sitting...
Apple supply chain analyst Ming-Chi Kuo today shared alleged specifications for a new ultra-thin iPhone 17 model rumored to launch next year. Kuo expects the device to be equipped with a 6.6-inch display with a current-size Dynamic Island, a standard A19 chip rather than an A19 Pro chip, a single rear camera, and an Apple-designed 5G chip. He also expects the device to have a...
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Apple’s iCloud Private Relay service is down for some users, according to Apple’s System Status page. Apple says that the iCloud Private Relay service may be slow or unavailable. The outage started at 2:34 p.m. Eastern Time, but it does not appear to be affecting all iCloud users. Some impacted users are unable to browse the web without turning iCloud Private Relay off, while others are...
Apple is planning to release at least one iPhone 17 model next year with mechanical aperture, according to a report published today by The Information. The mechanical system would allow users to adjust the size of the iPhone 17's aperture, which refers to the opening of the camera lens through which light enters. All existing iPhone camera lenses have fixed apertures, but some Android...
