"Hey Siri" support and possibly wireless charging case alongside AirPower charging mat.
Security Flaw in iOS 9.3.1 Allows Access to iPhone Photos and Contacts
A video surfaced online yesterday purporting to show a vulnerability in iOS 9.3.1 that allows anyone to access photos and contacts on a locked iPhone without having to enter a passcode.
The YouTube video, uploaded by Jose Rodriguez and first spotted by The Daily Dot, depicts a user performing a Siri search followed by a series of relatively simple steps, one of which involves 3D Touch, limiting the exploit to iPhone 6s and 6s Plus devices.
The procedure starts by invoking Siri on the locked phone by holding the home button or using the "Hey, Siri" function, and then asking the personal assistant to initiate a Twitter search. When the returned results include contact details such as an email address, a 3D Touch gesture is used on the contact information to bring up a Quick Actions menu. Tapping "Add to Existing Contact" then brings up the iPhone's Contacts list. By selecting a contact and opting to add a photo to the entry, the phone's photo library can also be freely accessed.
The flaw is only applicable if the iPhone owner has previously granted Siri permission to access Twitter account information as well as to Contacts or Photos, operations which require establishing ownership of the device with the passcode or Touch ID. Additionally, if the iPhone has exited a Touch ID grace period, a passcode is still required before using Siri.
Users worried about the vulnerability can protect themselves by ensuring Siri's access to Twitter and Photos is disabled. On your device, go to Settings -> Privacy -> Twitter and if Siri is listed, turn off its access. Likewise, in Privacy -> Photos, turn any listing of Siri access to the Off position. Revoking Siri's access to your Contacts requires the more drastic action of disabling Siri lock screen activation. To do so, go to Settings -> Touch ID & Passcode and turn off the Siri switch.
Apple released iOS 9.3.1 to the public last week, marking the first update to iOS 9 since iOS 9.3 launched on March 21. iOS 9.3.1 came just over a week after the launch of iOS 9.3 and brought a fix for a significant web link crashing issue that affected many iOS users.
The YouTube video, uploaded by Jose Rodriguez and first spotted by The Daily Dot, depicts a user performing a Siri search followed by a series of relatively simple steps, one of which involves 3D Touch, limiting the exploit to iPhone 6s and 6s Plus devices.
The procedure starts by invoking Siri on the locked phone by holding the home button or using the "Hey, Siri" function, and then asking the personal assistant to initiate a Twitter search. When the returned results include contact details such as an email address, a 3D Touch gesture is used on the contact information to bring up a Quick Actions menu. Tapping "Add to Existing Contact" then brings up the iPhone's Contacts list. By selecting a contact and opting to add a photo to the entry, the phone's photo library can also be freely accessed.
The flaw is only applicable if the iPhone owner has previously granted Siri permission to access Twitter account information as well as to Contacts or Photos, operations which require establishing ownership of the device with the passcode or Touch ID. Additionally, if the iPhone has exited a Touch ID grace period, a passcode is still required before using Siri.
Users worried about the vulnerability can protect themselves by ensuring Siri's access to Twitter and Photos is disabled. On your device, go to Settings -> Privacy -> Twitter and if Siri is listed, turn off its access. Likewise, in Privacy -> Photos, turn any listing of Siri access to the Off position. Revoking Siri's access to your Contacts requires the more drastic action of disabling Siri lock screen activation. To do so, go to Settings -> Touch ID & Passcode and turn off the Siri switch.
Apple released iOS 9.3.1 to the public last week, marking the first update to iOS 9 since iOS 9.3 launched on March 21. iOS 9.3.1 came just over a week after the launch of iOS 9.3 and brought a fix for a significant web link crashing issue that affected many iOS users.
[ 227 comments ]
Twelve South today announced new additions to its Journal line of products, including Journal options for MacBook Air and MacBook Pro and a new Journal CaddySack for storing accessories.
The...
Apple's HomeKit platform has expanded to support a variety of device categories since its launch in 2014, now including lights, thermostats, ceiling fans, sprinklers, outlets, and humidifiers.
...
Lyft today revealed that a loyalty program for its customers, "Lyft Rewards," will begin rolling out for select passengers in December, allowing these users to be rewarded for using the...
Volkswagen today announced that subscribers of its Car-Net service can now use the iOS app and Siri to lock and unlock their car. The Siri command for this will be, "Hey Siri, lock my car."
...
Apple analyst Ming-Chi Kuo published a new report over the weekend, related to the introduction of new antenna technology that could be coming in next year's iPhone lineup. According to the...
For this week's giveaway, we've teamed up with Understands to offer MacRumors readers a chance to win a high-quality iMac stand or shelf made from wood.
Understands makes a selection of...
As information on Black Friday sales continues to grow, Sam's Club is planning a one-day-only sale for tomorrow, November 10, and it includes a few Apple items. The focus is $30 off...
Micro Center retail stores are offering an impressive $200 off new MacBook Air models, including custom configurations, starting today. This is by far the best deal we've seen on the new...
