iOS 9.3.1 was released last week to many solve problems that users faced in the iOS 9.3 update. Now it seems like Apple may have to release iOS 9.3.2 soon as a new vulnerability discovered by Youtuber Videosdebarraquito allows anyone to access private photos and contacts on a locked iPhone. That’s right, anyone can view all of the photos stored in your camera roll or your contacts list without unlocking the device with a passcode or Touch ID fingerprint scan. For most people this bug is a cause of major concern, as it can put their privacy at risk if someone gets access to their device. This iOS 9.3.1 vulnerability, which is also found on older iOS 9 versions only affects iPhones with 3D Touch including iPhone 6s and iPhone 6s Plus.
Update: Apple has fixed the bug from server side essentially killing the vulnerability. Now when you ask Siri to search Twitter it will ask you to enter the passcode first.
How to view photos or contacts without unlocking iPhone
If you wish to replicate the results on your device to see the glitch in action, then follow the steps below.
- On an iPhone 6s or iPhone 6s Plus say “Hey Siri, search Twitter”.
- Siri will ask you what you want to search on Twitter, to that you need to say “@me.com”. You can replace gmail with any other popular email domain.
- Now Siri will show you the tweets matching your query, tap on the one that contains a full email address.
- Force tap on the email address so a popup appears. Next tap on ‘Add New Contact’ button and then tap on the photo box. Doing so will allow you to view all the photos stored on that device without needing to unlock it with a passcode or Touch ID scan. If you want to view the contacts list instead you can tap on ‘Add to Existing Contact’ button.
You might not be able to succeed in first try so repeat the steps if you fail once or twice. [Source]