Security Flaw in iOS 9.3.1 Allows Access to iPhone Photos and Contacts - MacRumors
Skip to Content

Security Flaw in iOS 9.3.1 Allows Access to iPhone Photos and Contacts

by

A video surfaced online yesterday purporting to show a vulnerability in iOS 9.3.1 that allows anyone to access photos and contacts on a locked iPhone without having to enter a passcode.

The YouTube video, uploaded by Jose Rodriguez and first spotted by The Daily Dot, depicts a user performing a Siri search followed by a series of relatively simple steps, one of which involves 3D Touch, limiting the exploit to iPhone 6s and 6s Plus devices.


The procedure starts by invoking Siri on the locked phone by holding the home button or using the "Hey, Siri" function, and then asking the personal assistant to initiate a Twitter search. When the returned results include contact details such as an email address, a 3D Touch gesture is used on the contact information to bring up a Quick Actions menu. Tapping "Add to Existing Contact" then brings up the iPhone's Contacts list. By selecting a contact and opting to add a photo to the entry, the phone's photo library can also be freely accessed.

The flaw is only applicable if the iPhone owner has previously granted Siri permission to access Twitter account information as well as to Contacts or Photos, operations which require establishing ownership of the device with the passcode or Touch ID. Additionally, if the iPhone has exited a Touch ID grace period, a passcode is still required before using Siri.

Users worried about the vulnerability can protect themselves by ensuring Siri's access to Twitter and Photos is disabled. On your device, go to Settings -> Privacy -> Twitter and if Siri is listed, turn off its access. Likewise, in Privacy -> Photos, turn any listing of Siri access to the Off position. Revoking Siri's access to your Contacts requires the more drastic action of disabling Siri lock screen activation. To do so, go to Settings -> Touch ID & Passcode and turn off the Siri switch.

Apple released iOS 9.3.1 to the public last week, marking the first update to iOS 9 since iOS 9.3 launched on March 21. iOS 9.3.1 came just over a week after the launch of iOS 9.3 and brought a fix for a significant web link crashing issue that affected many iOS users.

Tags: Exploit, iOS 9.3.1
Related Forum: iPhone

Popular Stories

iphone 17 pro black feature

iPhone 18 Pro's Camera Upgrade Will Cost Apple 50% More

Friday May 29, 2026 3:44 am PDT by
The iPhone 18 Pro and iPhone 18 Pro Max's all-new variable aperture lens will cost Apple 50% more than the camera unit used in current models, according to supply chain analyst Ming-Chi Kuo. Variable aperture has been one of the most persistent iPhone camera rumors of the past few years. Kuo first flagged the feature in late 2024, and it has since been corroborated by multiple reports and...
Read Full Article60 comments
HomePod mini and Apple TV Sage

New Apple TV and HomePod Mini Are 'Nearly Ready' to Launch, New Siri Remote Also Rumored

Sunday May 31, 2026 8:47 am PDT by
New models of the Apple TV 4K and HomePod mini are "nearly ready to go," according to the latest word from Bloomberg's Mark Gurman. Subscribe to the MacRumors YouTube channel for more videos. Both devices have been ready "for months," but Apple is holding off on launching them until the more personalized version of Siri is available, he said. "I am told the hardware for the next Apple TV...
Read Full Article129 comments
iphone 18 pro color dummies

First Look at iPhone 18 Pro Color Options Revealed by Dummy Models

Friday May 29, 2026 4:50 am PDT by
Leaker Sonny Dickson today shared images of iPhone 18 Pro dummy models in the device's four rumored colors, offering the first real-world look at what to expect from the lineup visually. Corroborating previous rumors, the dummies show the iPhone 18 Pro Max in Light Blue, Black, Silver, and Dark Cherry. Dickson said "Cherry will probably be the next hit, orange did very well." Cosmic Orange...
Read Full Article150 comments