New Security Vulnerability Found in iOS 9.3.1 [Video]
A man named Jose Rodriguez has recently discovered a new iOS 9.3.1 vulnerability that allows to bypass the passcode and get access to contacts and photos stored on the device. Take a look at the video to see how one can get access to someone else’s phone.
To demonstrate the security flaw, Rodriguez starts a Twitter search with Siri and after that, using 3D Touch, taps on the contact information to bring up context menu allowing to add this information to existing contact. As you might have guessed, this opens up the list of all contacts stored on the handset, apart from that, lets him choose a photo from the existing photo library.
Fortunately, there’s a way to protect your sensitive data. To do this, block Siri access to Photos and Twitter via Settings - Privacy.
I’m sure Apple will somehow patch the vulnerability with the next software update, but right now we can only fix everything using the instructions above.
If you use an older iPhone without 3D Touch, you can ignore this post as your device is likely out of danger.
Update: Apple has fixed the Siri bug.