iOS 9.3.1 Siri Lock Screen Security Flaw Gets Server-Side Fix
You may remember that a few hours ago, we told you about a new security flaw that had been discovered within iOS 9.3.1 that could allow anyone to access your photos and contacts without the need for a passcode or Touch ID verification. That was undoubtedly bad news, but the good news is that Apple has rolled a fix out to correct this already, and you don’t even need to update anything in order for it to take affect.
For those still catching up, the original issue allowed anyone with access to an iPhone 6s or iPhone 6s Plus to gain access to the photos and contacts saved within that device. This was accomplished by asking Siri to initiate a Twitter search, with the user then using 3D Touch on a phone number or email address in order to bring up the ‘Add a new Contact’ dialogue. At this point, the device’s entire contacts list was available, with photos also accessible by choosing to add a photo to the newly created contact. At no point throughout this process was a passcode requested, meaning anyone could access this data.
Not anymore, however, with Apple having rolled out a server-side fix, which now prompts for some form of authentication, be that a passcode or fingerprint, whenever this process is followed. The best part of all this is that no new version of iOS is required, which in turn means all iOS devices are automatically safer now than they were a matter of hours ago. That has to be good news!
With the original security flaw coming not long after iOS 9.3.1 was released in order to correct another issue that saw devices crash on interaction with links, Apple will no doubt be pleased internally that no new software release was required in order to fix this. Two emergency releases of iOS within a week wouldn’t have looked good at all. iOS 9.3 has already seen two bug-fix updates since its release, with the latest being the current 9.3.1 release and the first, a build update that fixed the initial activation errors experienced by users with older-generation devices.