Date: Wednesday, April 6th, 2016, 08:42
Category: iOS, News, security, Software
A Siri-based vulnerability that allowed access to a user’s photos and contacts under the right conditions under iOS 9.3.1 has been patched server-side by Apple.
Shared recently by Jose Rodriguez, the vulnerability used Siri’s ability to access Twitter to find an email link or phone number, which could be pressed to open up an editable list of contacts even on a device that was locked. Through access to contacts, a user’s full photo library was also visible.
The vulnerability relied on Siri to perform a Twitter search and could give direct access to photos and contacts/ The method appears to have been disabled on all devices as of today.
If you’ve seen this bug on your end, even after the fix, let us know in the comments.